oss-sec mailing list archives
CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution
From: Jarek Potiuk <potiuk () apache org>
Date: Fri, 07 Apr 2023 13:59:45 +0000
Severity: low Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. Credit: sw0rd1ight of Caiji Sec Team and 4ra1n of Chaitin Tech (finder) References: https://github.com/apache/airflow/pull/30212 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-28706
Current thread:
- CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution Jarek Potiuk (Apr 07)