1 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22886 – Apache Airflow JDBC Provider: RCE Vulnerability
https://notcve.org/view.php?id=CVE-2023-22886
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. • https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3 • CWE-20: Improper Input Validation •