CVE-2023-39553
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
N/A
Description
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider: before 2.4.3.
It is recommended to upgrade to a version that is not affected.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:apache:apache-airflow-providers-apache-drill:*:*:*:*:*:*:*:* | n/a | 2.4.3 | * |