Headline
CVE-2023-28710: Validate host and schema for Spark JDBC Hook by potiuk · Pull Request #30223 · apache/airflow
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.
The host and schema of JDBC Hook should not contain / and ? as they are delimiting end of those fields.
potiuk deleted the validate_host_and_schema_for_spark_jdbc branch
March 22, 2023 08:33
Related news
Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain `/` and `?`, which are used to denote the end of the field.
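The following is an added example, not code from the Airflow project or the pull request: it shows how a `/` or `?` inside the host or schema shifts the field boundaries of a composed JDBC URL, and a validation step that rejects such values. The helper names, the `prefix + host:port/schema` layout and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Characters that end the host and schema fields once the URL is composed.
FORBIDDEN = ("/", "?")


def validate_field(name: str, value: str) -> str:
    """Reject a connection field that contains a URL field delimiter."""
    for ch in FORBIDDEN:
        if ch in value:
            raise ValueError(f"The JDBC {name} must not contain {ch!r}: {value!r}")
    return value


def build_jdbc_url(prefix: str, host: str, port: int, schema: str,
                   validate: bool = True) -> str:
    """Compose prefix + host:port/schema (assumed layout, hypothetical helper).

    validate=False reproduces the unchecked concatenation for comparison.
    """
    if validate:
        host = validate_field("host", host)
        schema = validate_field("schema", schema)
    return f"{prefix}{host}:{port}/{schema}"


def url_parts(jdbc_url: str) -> tuple:
    """Return (host, port, path, query) as a URL parser sees them."""
    if jdbc_url.startswith("jdbc:"):
        jdbc_url = jdbc_url[len("jdbc:"):]
    parts = urlsplit(jdbc_url)
    return parts.hostname, parts.port, parts.path, parts.query


if __name__ == "__main__":
    prefix = "jdbc:postgresql://"  # constructed sample values throughout
    samples = [
        ("db.example.test", "sales"),        # well-formed fields
        ("db.example.test/other", "sales"),  # '/' ends the host early
        ("db.example.test", "sales?opt=1"),  # '?' ends the schema early
    ]
    for host, schema in samples:
        unchecked = build_jdbc_url(prefix, host, 5432, schema, validate=False)
        print("unchecked:", unchecked, "->", url_parts(unchecked))
        try:
            print("validated:", build_jdbc_url(prefix, host, 5432, schema))
        except ValueError as exc:
            print("rejected: ", exc)
```

In the unchecked case the port and schema the operator configured end up in a different URL component than intended, which is the field confusion the validation prevents.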