Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-28706: Move auth parameter from extra to Hook parameter by potiuk · Pull Request #30212 · apache/airflow

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.

CVE
#vulnerability#apache#auth

For consistency, we are moving hive auth parameter to the Hook.

^ Add meaningful description above

Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

Related news

GHSA-5cvg-9pp5-mxcj: Apache Airflow Hive Provider vulnerable to code injection

Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907