Apache Software Foundation Apache Airflow Apache Hive Provider vulnerabilities
2 known vulnerabilities affecting apache_software_foundation/apache_airflow_apache_hive_provider.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2023-37415 | CRITICAL | CVSS 9.8 | fixed in 6.1.2 | 2023-07-13
CVE-2023-37415 [CRITICAL] CWE-20 Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.
Patching on top of CVE-2023-35797: before 6.1.2, the proxy_user option can also be used to inject a semicolon.
This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.
Source: cvelistv5
CVE-2023-35797 | CRITICAL | CVSS 9.8 | fixed in 6.1.2 | 2023-07-03
CVE-2023-35797 [CRITICAL] CWE-20 CVE-2023-35797: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.
This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.
Before version 6.1.1, it was possible to bypass the security check and achieve RCE via the
principal parameter. Exploitation requires access to modify the connection details.
Sources: cvelistv5, nvd