GHSA-ffj9-4crc-q7wf: Apache Airflow Spark Provider vulnerable to improper input validation
Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ?, which are used to denote the end of the field.
Moderate severity GitHub Reviewed Published Apr 7, 2023 to the GitHub Advisory Database • Updated Apr 7, 2023
Related news
CVE-2023-28710: Validate host and schema for Spark JDBC Hook by potiuk · Pull Request #30223 · apache/airflow
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.
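The following is an added example, not code from the advisory or from the Airflow code base. It shows why a / or ? inside a host or schema value changes how the assembled connection URL is read, and a check that rejects such values before the URL is built. The URL layout scheme://host:port/schema, the function names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Characters that end a field in the assumed layout
# scheme://host:port/schema?params (assumption, not the provider's code).
FIELD_TERMINATORS = "/?"


def build_url(host, port, schema, scheme="postgresql"):
    """Naive concatenation with no validation of the individual fields."""
    return f"{scheme}://{host}:{port}/{schema}"


def validate_field(name, value):
    """Reject a connection field that contains a field terminator."""
    bad = sorted(set(value) & set(FIELD_TERMINATORS))
    if bad:
        raise ValueError(f"{name} must not contain {' or '.join(bad)}: {value!r}")
    return value


def build_url_checked(host, port, schema, scheme="postgresql"):
    """Validate host and schema first, then assemble the URL."""
    validate_field("host", host)
    validate_field("schema", schema)
    return build_url(host, port, schema, scheme)


def parsed_fields(url):
    """Return (host, database path, query) as a URL parser reads them."""
    parts = urlsplit(url)
    return parts.hostname, parts.path.lstrip("/"), parts.query


if __name__ == "__main__":
    # Constructed sample connection values.
    samples = [
        ("db.example", "analytics"),          # clean
        ("db.example", "analytics?extra=1"),  # schema ends early at '?'
        ("db.example/other", "analytics"),    # host ends early at '/'
    ]
    for host, schema in samples:
        print("fields  :", (host, schema))
        print("parsed  :", parsed_fields(build_url(host, 5432, schema)))
        try:
            print("checked :", build_url_checked(host, 5432, schema))
        except ValueError as exc:
            print("rejected:", exc)
```

In the second and third samples the parsed database path and query no longer match the values that were stored in the schema and host fields, which is the mismatch the validation prevents.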