CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25696 – Apache Airflow Hive Provider Beeline RCE
https://notcve.org/view.php?id=CVE-2023-25696
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. • https://github.com/apache/airflow/pull/29502 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25693 – Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-25693
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. • https://github.com/apache/airflow/pull/29500 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25692 – Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
https://notcve.org/view.php?id=CVE-2023-25692
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29499 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25691 – Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-25691
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29497 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 63%CPEs: 2EXPL: 1CVE-2023-22884 – Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
https://notcve.org/view.php?id=CVE-2023-22884
21 Jan 2023 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Prov... • https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2022-46421 – Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params
https://notcve.org/view.php?id=CVE-2022-46421
20 Dec 2022 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow Hive Provider. Este problema afecta a Apache Airflow Hive Provider: versiones anteriores a 5.0.0. • https://github.com/apache/airflow/pull/28101 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-40189 – Apache Airlfow Pig Provider RCE
https://notcve.org/view.php?id=CVE-2022-40189
22 Nov 2022 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually in... • https://github.com/apache/airflow/pull/27644 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40954 – Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files
https://notcve.org/view.php?id=CVE-2022-40954
22 Nov 2022 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually ... • https://github.com/apache/airflow/pull/27646 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-38649 – Apache Airflow Pinot provider allowed Command Injection
https://notcve.org/view.php?id=CVE-2022-38649
22 Nov 2022 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed f... • https://github.com/apache/airflow/pull/27641 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41131 – Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)
https://notcve.org/view.php?id=CVE-2022-41131
22 Nov 2022 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manuall... • https://github.com/apache/airflow/pull/27647 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •