CVE-2023-25696 – apache-airflow-providers-apache-hive

Package

Manager: pip
Name: apache-airflow-providers-apache-hive
Vulnerable Version: >=0 <5.1.3

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00483 pctl0.64264

Details

Apache Airflow Hive Provider Improper Input Validation vulnerability Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.

Metadata

Created: 2023-02-24T12:31:20Z
Modified: 2023-03-06T19:37:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-9mwf-mw74-9cv5/GHSA-9mwf-mw74-9cv5.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-9mwf-mw74-9cv5
Finding: F184
Auto approve: 1