Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS04NXBmLXI0YzctM2o5cs4AAyn4

High CVSS: 8.7 EPSS: 0.00175% (0.3952 Percentile) EPSS:
Permalink JSON

Apache Airflow Drill Provider vulnerable to improper input validation

Affected Packages Affected Versions Fixed Versions
pypi:apache-airflow-providers-apache-drill < 2.3.2 2.3.2
3 Dependent packages
3 Dependent repositories
83,305 Downloads last month

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1

All unaffected versions

2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.0, 2.8.1, 3.0.0, 3.0.1, 3.1.0, 3.1.1

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized.

References:

Identifiers

GHSA-85pf-r4c7-3j9r

CVE-2023-28707

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00175

EPSS Percentile: 0.3952

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/airflow

Date and time

Published

over 2 years ago

Updated

6 months ago

API

JSON