oss-sec mailing list archives
CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
From: Jarek Potiuk <potiuk () apache org>
Date: Sat, 21 Jan 2023 00:50:27 +0000
Severity: important

Description:

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Credit:

Son Tran from VNPT - VCI (reporter)

References:

https://github.com/apache/airflow/pull/28811
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-22884