oss-sec mailing list archives
CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability
From: Jarek Potiuk <potiuk () apache org>
Date: Fri, 07 Apr 2023 13:57:35 +0000
Severity: low Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. Credit: Kai Zhao of 3H Secruity Team (finder) References: https://github.com/apache/airflow/pull/30215 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-28707
Current thread:
- CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability Jarek Potiuk (Apr 07)