CVE-2023-25691 – apache-airflow-providers-google

Package

Manager: pip
Name: apache-airflow-providers-google
Vulnerable Version: >=0 <8.10.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00096 pctl0.27494

Details

Apache Airflow Google Provider Improper Input Validation vulnerability Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

Metadata

Created: 2023-02-24T12:31:20Z
Modified: 2023-03-06T21:57:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-8g23-2q5p-8866/GHSA-8g23-2q5p-8866.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-8g23-2q5p-8866
Finding: F184
Auto approve: 1