oss-sec mailing list archives
CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution
From: Jarek Potiuk <potiuk () apache org>
Date: Fri, 07 Apr 2023 13:59:45 +0000
Severity: low
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow
Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0.
Credit:
sw0rd1ight of Caiji Sec Team and 4ra1n of Chaitin Tech (finder)
References:
https://github.com/apache/airflow/pull/30212
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28706
