Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-hg6c-qqcm-r79r: Apache Airflow Hive Provider Beeline remote code execution with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.

Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details.

It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

ghsa
Open in Source
#vulnerability#apache#git#rce

Apache Airflow Hive Provider Beeline remote code execution with Principal

Moderate severity GitHub Reviewed Published Jul 3, 2023 to the GitHub Advisory Database • Updated Jul 5, 2023

Related news

CVE-2023-35797: Sanitize beeline principal parameter by potiuk · Pull Request #31983 · apache/airflow

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

ghsa: Latest News

GHSA-gcx4-mw62-g8wm: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
ghsa