Security
Headlines

Headlines Latest CVEs

Headline

GHSA-mm87-c3x2-6f89: Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

1 year ago

#vulnerability #apache #git #rce

GitHub Advisory Database
GitHub Reviewed
CVE-2023-22886

Apache Airflow JDBC Provider Improper Input Validation vulnerability

Moderate severity GitHub Reviewed Published Jun 29, 2023 to the GitHub Advisory Database • Updated Jun 30, 2023

Package

pip apache-airflow-providers-jdbc (pip)

Affected versions

< 4.0.0

Published to the GitHub Advisory Database

Jun 29, 2023

Last updated

Jun 30, 2023

Related news

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

1 year ago

#vulnerability #apache #rce

ghsa: Latest News

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

12 hours ago

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

14 hours ago

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

15 hours ago

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

17 hours ago

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

17 hours ago