CVE-2023-25693 – Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-25693
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. • https://github.com/apache/airflow/pull/29500 https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4 • CWE-20: Improper Input Validation •
CVE-2023-25692 – Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
https://notcve.org/view.php?id=CVE-2023-25692
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29499 https://lists.apache.org/thread/ks4l78l5rwdpmvfn7y7yhs179nyxtlsh • CWE-20: Improper Input Validation •
CVE-2023-25691 – Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-25691
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29497 https://lists.apache.org/thread/zdr8ovfttbh7kj0lydgcw88tbt2nmkcy • CWE-20: Improper Input Validation •
CVE-2023-22884 – Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
https://notcve.org/view.php?id=CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. Este problema afecta a Apache Airflow: antes de 2.5.1; Apache Airflow MySQL Provider: anterior a 4.0.0. • https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi https://github.com/apache/airflow/pull/28811 https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-46421 – Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params
https://notcve.org/view.php?id=CVE-2022-46421
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow Hive Provider. Este problema afecta a Apache Airflow Hive Provider: versiones anteriores a 5.0.0. • https://github.com/apache/airflow/pull/28101 https://lists.apache.org/thread/09twdoyoybldlfj5gvk0qswtofh0rmp4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •