Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tbTg3LWMzeDItNmY4Oc4AA0Im
Apache Airflow JDBC Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.
Permalink: https://github.com/advisories/GHSA-mm87-c3x2-6f89JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tbTg3LWMzeDItNmY4Oc4AA0Im
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-mm87-c3x2-6f89, CVE-2023-22886
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-22886
- https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3
- https://github.com/advisories/GHSA-mm87-c3x2-6f89
Affected Packages
pypi:apache-airflow-providers-jdbc
Versions: < 4.0.0Fixed in: 4.0.0