1 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. • https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3 • CWE-20: Improper Input Validation •