Re: CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow

Jarek Potiuk Mon, 23 Jan 2023 09:00:58 -0800

Also we want to credit id_No2015429 of 3H Security Team for his
reports for the same issue.


J.


On Mon, Jan 23, 2023 at 12:25 PM Jarek Potiuk <pot...@apache.org> wrote:
>
> Also we want to credit id_No2015429 of 3H Security Team for his reports for 
> the same issue.
>
> On Sat, Jan 21, 2023 at 1:51 AM Jarek Potiuk <pot...@apache.org> wrote:
>>
>> Severity: important
>>
>> Description:
>>
>> Improper Neutralization of Special Elements used in a Command ('Command 
>> Injection') vulnerability in Apache Software Foundation Apache Airflow, 
>> Apache Software Foundation Apache Airflow MySQL Provider.This issue affects 
>> Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
>>
>> Credit:
>>
>> Son Tran from VNPT - VCI (reporter)
>>
>> References:
>>
>> https://github.com/apache/airflow/pull/28811
>> https://airflow.apache.org/
>> https://www.cve.org/CVERecord?id=CVE-2023-22884
>>

Re: CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow

Reply via email to