Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mq4v-6vg4-796c: apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.

Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider before 2.4.3. It is recommended to upgrade to a version that is not affected.

ghsa
Open in Source
#vulnerability#apache#git

apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Moderate severity GitHub Reviewed Published Aug 11, 2023 to the GitHub Advisory Database • Updated Aug 11, 2023

Related news

CVE-2023-39553: Validate database URL passed to create_engine of Drill hook's connection by pankajkoti · Pull Request #33074 · apache/airflow

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

ghsa: Latest News

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling
ghsa