Headline

GHSA-q57w-826p-46jr: Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.

It is recommended to upgrade to a version that is not affected

1 year ago

ghsa

Open in Source

#sql #vulnerability #microsoft #apache #git

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

GitHub Advisory Database
GitHub Reviewed
CVE-2023-35798

Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Moderate severity GitHub Reviewed Published Jun 27, 2023 to the GitHub Advisory Database • Updated Jun 30, 2023

Package

pip apache-airflow-providers-microsoft-mssql (pip)

Affected versions

< 3.4.1

pip apache-airflow-providers-odbc (pip)

Description

Published to the GitHub Advisory Database

Jun 27, 2023

Last updated

Jun 30, 2023

Related news

CVE-2023-35798

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected

1 year ago

CVE

Open in Source

#sql #vulnerability #apache