CVE-2023-22884
published 2023-01-21CVE-2023-22884: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | < 2.5.1 | 2.5.1 |
| apache | apache-airflow-providers-mysql | < 4.0.0 | 4.0.0 |
| apache | apache-airflow-providers-mysql | >= 0 < 4.0.0 | 4.0.0 |
| apache_software_foundation | apache_airflow | < 2.5.1 | 2.5.1 |
| apache_software_foundation | apache_airflow_mysql_provider | < 4.0.0 | 4.0.0 |