1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27018 – Apache Airflow MySQL Provider: SQL injection in MySQL provider core function
https://notcve.org/view.php?id=CVE-2025-27018
19 Mar 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended. It could lead to data corruption, modification and others. This issue affects Apache Airflow MySQL Provider: before 6.2.0. Users are recommended to upgrade to version 6.2.0, which fixes the issue. Vulner... • https://github.com/apache/airflow/pull/47254 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •