CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC

Elad Kalif Thu, 17 Aug 2023 11:14:19 -0700

Severity: moderate

Affected versions:


- Apache Airflow Spark Provider before 4.1.3

Description:

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a 
vulnerability that allows an attacker to pass in malicious parameters when 
establishing a connection giving an opportunity to read files on the Airflow 
server.
It is recommended to upgrade to a version that is not affected.

Credit:

sw0rd1ight (finder)

References:

https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-40272

CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC

Reply via email to