CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-22884 – Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
https://notcve.org/view.php?id=CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. Este problema afecta a Apache Airflow: antes de 2.5.1; Apache Airflow MySQL Provider: anterior a 4.0.0. • https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi https://github.com/apache/airflow/pull/28811 https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •