oss-sec mailing list archives
CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC
From: Jarek Potiuk <potiuk () apache org>
Date: Fri, 07 Apr 2023 14:01:28 +0000
Severity: low Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. Credit: Xie Jianming of Nsfocus (finder) References: https://github.com/apache/airflow/pull/30223 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-28710
Current thread:
- CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Jarek Potiuk (Apr 07)