CVE-2023-28707: Sanitize host in drill hook by potiuk · Pull Request #30215 · apache/airflow

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2.

The host passed in drill connection might contain some invalid characters. We should sanitize and reject them.

potiuk deleted the sanitize-host-in-drill-hook branch

March 22, 2023 08:33

Related news

GHSA-85pf-r4c7-3j9r: Apache Airflow Drill Provider vulnerable to improper input validation

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized.
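
One way to implement the kind of host check the advisory calls for, as an added example (this is not the code from the Airflow pull request). The accepted character set, the `drill+sadrill://host:port/dfs` URL shape and the function names are assumptions of this example, and the sample hosts are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed policy: IP literal or letter-digit-hyphen DNS labels; reject the rest.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]{1,253}")
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Constructed sample hosts, not taken from the advisory.
SAMPLES = ["drill.example.com", "10.0.0.5", "h/x", "a@b", "h?x=1", "h#f", "h:1", ""]


def validate_host(host):
    """Return host unchanged if it is a plain hostname or IP address, else raise."""
    if not isinstance(host, str) or not _ALLOWED.fullmatch(host):
        raise ValueError(f"host is empty, too long or has invalid characters: {host!r}")
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass  # not an IP literal; apply the DNS-name rule instead
    if all(_LABEL.fullmatch(label) for label in host.split(".")):
        return host
    raise ValueError(f"host is not a valid DNS name: {host!r}")


def build_drill_url(host, port, scheme="drill+sadrill", storage_plugin="dfs"):
    """Build a connection URL (assumed shape) from a validated host and port."""
    host = validate_host(host)
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    netloc_host = f"[{host}]" if ":" in host else host  # bracket IPv6 literals
    url = f"{scheme}://{netloc_host}:{port}/{storage_plugin}"
    # Defence in depth: the parsed URL must name exactly the host and port given.
    parts = urlsplit(url)
    if parts.hostname != host.lower() or parts.port != port:
        raise ValueError("host or port changed meaning inside the URL")
    return url


def rejected(candidates):
    """Return the candidates that validate_host refuses."""
    bad = []
    for host in candidates:
        try:
            validate_host(host)
        except ValueError:
            bad.append(host)
    return bad
```

Hostnames with underscores or a trailing dot are refused under this policy; widen `_LABEL` if your environment needs them.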