CVE-2023-25692 – apache-airflow-providers-google

Package

Manager: pip
Name: apache-airflow-providers-google
Vulnerable Version: >=0 <8.10.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00213 pctl0.43881

Details

Apache Airflow Google Provider Improper Input Validation vulnerability Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

Metadata

Created: 2023-02-24T12:31:20Z
Modified: 2023-03-06T21:58:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-h8p2-8g72-qpgh/GHSA-h8p2-8g72-qpgh.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-h8p2-8g72-qpgh
Finding: F184
Auto approve: 1