CVE-2023-39553 apache-airflow

Package

Manager: pip
Name: apache-airflow
Vulnerable Version: =1.10.0 || =1.10.1 || =1.10.10 || =1.10.10rc1 || =1.10.10rc2 || =1.10.10rc3 || =1.10.10rc4 || =1.10.10rc5 || =1.10.11 || =1.10.11rc1 || =1.10.11rc2 || =1.10.12 || =1.10.12rc1 || =1.10.12rc2 || =1.10.12rc3 || =1.10.12rc4 || =1.10.13 || =1.10.13rc1 || =1.10.14 || =1.10.14rc1 || =1.10.14rc2 || =1.10.14rc3 || =1.10.14rc4 || =1.10.15 || =1.10.15rc1 || =1.10.1b1 || =1.10.1rc2 || =1.10.2 || =1.10.2b2 || =1.10.2rc1 || =1.10.2rc2 || =1.10.2rc3 || =1.10.3 || =1.10.3b1 || =1.10.3b2 || =1.10.3rc1 || =1.10.3rc2 || =1.10.4 || =1.10.4b2 || =1.10.4rc1 || =1.10.4rc2 || =1.10.4rc3 || =1.10.4rc4 || =1.10.4rc5 || =1.10.5 || =1.10.5rc1 || =1.10.6 || =1.10.6rc1 || =1.10.6rc2 || =1.10.7 || =1.10.7rc1 || =1.10.7rc2 || =1.10.7rc3 || =1.10.8 || =1.10.8rc1 || =1.10.9 || =1.10.9rc1 || =1.8.1 || =1.8.2 || =1.8.2rc1 || =1.9.0 || =2.0.0 || =2.0.0b1 || =2.0.0b2 || =2.0.0b3 || =2.0.0rc1 || =2.0.0rc2 || =2.0.0rc3 || =2.0.1 || =2.0.1rc1 || =2.0.1rc2 || =2.0.2 || =2.0.2rc1 || =2.1.0 || =2.1.0rc1 || =2.1.0rc2 || =2.1.1 || =2.1.1rc1 || =2.1.2 || =2.1.2rc1 || =2.1.3 || =2.1.3rc1 || =2.1.4 || =2.1.4rc1 || =2.1.4rc2 || =2.2.0 || =2.2.0b1 || =2.2.0b2 || =2.2.0rc1 || =2.2.1 || =2.2.1rc1 || =2.2.1rc2 || =2.2.2 || =2.2.2rc1 || =2.2.2rc2 || =2.2.3 || =2.2.3rc1 || =2.2.3rc2 || =2.2.4 || =2.2.4rc1 || =2.2.5 || =2.2.5rc1 || =2.2.5rc2 || =2.2.5rc3 || =2.3.0 || =2.3.0b1 || =2.3.0rc1 || =2.3.0rc2 || =2.3.1 || =2.3.1rc1 || =2.3.2 || =2.3.2rc1 || =2.3.2rc2 || =2.3.3 || =2.3.3rc1 || =2.3.3rc2 || =2.3.3rc3 || =2.3.4 || =2.3.4rc1 || =2.4.0 || =2.4.0b1 || =2.4.0rc1 || =2.4.1 || =2.4.1rc1 || =2.4.2 || =2.4.2rc1 || =2.4.3rc1 || >=0 <2.4.3

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01285 (percentile 0.78842)

Details

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. The provider allows an attacker to pass in malicious parameters when establishing a connection with DrillHook, giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

Metadata

Created: 2023-08-11T08:15:00Z
Modified: 2023-11-08T04:13:15.006130Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F184
Auto approve: 1