oss-sec mailing list archives

CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow


From: Jarek Potiuk <potiuk () apache org>
Date: Sat, 21 Jan 2023 00:50:27 +0000

Severity: important

Description:

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software
Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow:
before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Credit:

Son Tran from VNPT - VCI (reporter)

References:

https://github.com/apache/airflow/pull/28811
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-22884

