CVE-2023-40272
Published 2023-08-17
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server.
It is recommended to upgrade to a version that is not affected.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apache-airflow-providers-apache-spark | < 4.1.3 | 4.1.3 |
| apache | apache-airflow-providers-apache-spark | >= 0 < 4.1.3 | 4.1.3 |
| apache_software_foundation | apache_airflow_spark_provider | < 4.1.3 | 4.1.3 |