Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tcTR2LTZ2ZzQtNzk2Y84AA1P3

High CVSS: 8.7 EPSS: 0.00984% (0.75847 Percentile) EPSS:
Permalink JSON

apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:apache-airflow-providers-apache-drill < 2.4.3 2.4.3
3 Dependent packages
3 Dependent repositories
83,305 Downloads last month

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2

All unaffected versions

2.4.3, 2.4.4, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.0, 2.8.1, 3.0.0, 3.0.1, 3.1.0, 3.1.1

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.

Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider before 2.4.3.
It is recommended to upgrade to a version that is not affected.

References:

Identifiers

GHSA-mq4v-6vg4-796c

CVE-2023-39553

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00984

EPSS Percentile: 0.75847

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/airflow

Date and time

Published

almost 2 years ago

Updated

6 months ago

API

JSON