oss-sec mailing list archives
Re: CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC
From: Seth Arnold <seth.arnold () canonical com>
Date: Fri, 18 Aug 2023 00:20:43 +0000
On Thu, Aug 17, 2023 at 01:07:16PM +0000, Elad Kalif wrote:
https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-40272
Hello Elad, thanks for contacting the oss-security mail list about this security issue in an Apache project.

I'd like to suggest that your email would be far more useful if it included details like a direct link to a patch in a source control system or attached the patch directly. It is also helpful to know when a flaw was introduced, if this information is already known.

This particular email has very few details and no references for a fix, so it is very difficult for anyone to take concrete actions.

Here are two recent postings that are far easier for downstream distributors and consumers alike to use:

https://www.openwall.com/lists/oss-security/2023/04/04/1
https://www.openwall.com/lists/oss-security/2023/03/21/3

I'd like to encourage Apache to use these as inspiration for future oss-security postings.

Thanks
Current thread:
- CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Elad Kalif (Aug 17)
- Re: CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Seth Arnold (Aug 17)