CVE-2023-35798
on github
Published
Severity
CVSS v3:
4.3 MEDIUM
CVSS v2:
N/A
Description
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it.
This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.
It is recommended to upgrade to a version that is not affected
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:apache:apache-airflow-providers-odbc:*:*:*:*:*:*:*:* | n/a | 4.0.0 | * |
cpe:2.3:a:apache:apache-airflow-providers-microsoft-mssql:*:*:*:*:*:*:*:* | n/a | 3.4.1 | * |