/10.1.0/
https://pypi.org/project/apache-airflow-providers-tabular/1.5.1/
Cheers,
Elad Kalif
/
https://pypi.org/project/apache-airflow-providers-vertica/3.8.0/
https://pypi.org/project/apache-airflow-providers-weaviate/1.4.0/
https://pypi.org/project/apache-airflow-providers-yandex/3.11.0/
https://pypi.org/project/apache-airflow-providers-zendesk/4.7.0/
Cheers,
Elad Kalif
list of released PyPI packages:
https://pypi.org/project/apache-airflow-providers-cncf-kubernetes/8.1.1/
https://pypi.org/project/apache-airflow-providers-databricks/6.3.0/
https://pypi.org/project/apache-airflow-providers-fab/1.0.4/
Cheers,
Elad Kalif
Severity: low
Affected versions:
- Apache Airflow FTP Provider before 3.7.0
Description:
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider.
The FTP hook lacks complete certificate validation in FTP_TLS connections,
which can potentially be leveraged. Implementing
list of released PyPI packages:
https://pypi.org/project/apache-airflow-providers-yandex/3.10.0/
Cheers,
Elad Kalif
/apache-airflow-providers-sftp/4.9.1/
https://pypi.org/project/apache-airflow-providers-slack/8.6.2/
https://pypi.org/project/apache-airflow-providers-snowflake/5.4.0/
https://pypi.org/project/apache-airflow-providers-weaviate/1.3.4/
Cheers,
Elad Kalif
/project/apache-airflow-providers-trino/5.6.3/
https://pypi.org/project/apache-airflow-providers-weaviate/1.3.3/
Cheers,
Elad Kalif
.
Full list of released PyPI packages:
https://pypi.org/project/apache-airflow-providers-teradata/2.0.0/
Cheers,
Elad Kalif
Severity: low
Affected versions:
- Apache Airflow Mongo Provider 1.0.0 before 4.0.0
Description:
When ssl was enabled for Mongo Hook, default settings included "allow_insecure"
which caused that certificates were not validated. This was unexpected and
undocumented.
Users are recommended to
.
Full list of released PyPI packages:
https://pypi.org/project/apache-airflow-providers-cncf-kubernetes/8.0.0/
Cheers,
Elad Kalif
.
Full list of released PyPI packages:
https://pypi.org/project/apache-airflow-providers-amazon/8.18.0/
https://pypi.org/project/apache-airflow-providers-common-sql/1.11.0/
Cheers,
Elad Kalif
/project/apache-airflow-providers-weaviate/1.3.2/
https://pypi.org/project/apache-airflow-providers-yandex/3.9.0/
Cheers,
Elad Kalif
.
Full list of released PyPI packages:
https://pypi.org/project/apache-airflow-providers-microsoft-azure/9.0.0/
Cheers,
Elad Kalif
/project/apache-airflow-providers-opsgenie/5.5.0/
https://pypi.org/project/apache-airflow-providers-pagerduty/3.6.0/
https://pypi.org/project/apache-airflow-providers-redis/3.6.0/
https://pypi.org/project/apache-airflow-providers-samba/4.5.0/
Cheers,
Elad Kalif
.
Cheers,
Elad Kalif
/apache-airflow-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
the PyPI packages.
Cheers,
Elad Kalif
/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: moderate
Affected versions:
- Apache Airflow Celery provider 3.3.0 through 3.4.0
- Apache Airflow 1.10.0 before 2.7.0
Description:
Insertion of Sensitive Information into Log File vulnerability in Apache
Airflow Celery provider, Apache Airflow.
Sensitive information logged as clear
can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: low
Affected versions:
- Apache Airflow HDFS Provider before 4.1.1
Description:
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation
info pointed users to an install incorrect pip package. As this package name
was unclaimed, in theory, an attacker could
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: moderate
Affected versions:
- Apache Airflow Spark Provider before 4.1.3
Description:
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted
Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark
Provider.
When the Apache Spark
Severity: moderate
Affected versions:
- Apache Airflow Sqoop Provider before 4.0.0
Description:
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a
vulnerability that allows an attacker pass parameters with the connections,
which makes it possible to implement RCE attacks
Severity: moderate
Affected versions:
- Apache Airflow Spark Provider before 4.1.3
Description:
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a
vulnerability that allows an attacker to pass in malicious parameters when
establishing a connection giving an opportunity to
Also want to credit id_No2015429 of 3H Security Team for this report of the
same issue.
On 2023/08/11 04:57:45 Elad Kalif wrote:
> Severity: moderate
>
> Affected versions:
>
> - Apache Airflow Drill Provider before 2.4.3
>
> Description:
>
> Improper Input Validat
://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: moderate
Affected versions:
- Apache Airflow Drill Provider before 2.4.3
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an
attacker to pass
-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-airflow-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-airflow-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: moderate
Affected versions:
- Apache Airflow Apache Hive Provider before 6.1.2
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow Apache Hive Provider.
Patching on top of CVE-2023-35797
Before 6.1.2 the proxy_user option can also
-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: moderate
Affected versions:
- Apache Airflow Apache Hive Provider before 6.1.1
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow Hive Provider.
This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.
Before version 6.1.1
Severity: low
Affected versions:
- Apache Airflow ODBC Provider before 4.0.0
- Apache Airflow MSSQL Provider before 3.4.1
Description:
Input Validation vulnerability in Apache Software Foundation Apache Airflow
ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This
Severity: low
Affected versions:
- Apache Airflow JDBC Provider before 4.0.0
Description:
Improper Input Validation vulnerability in Apache Software Foundation Apache
Airflow JDBC Provider.
Airflow JDBC Provider Connection’s [Connection URL] parameters had no
restrictions, which made it
Severity: moderate
Affected versions:
- Apache Airflow ODBC Provider before 4.0.0
Description:
Improper Neutralization of Argument Delimiters in a Command ('Argument
Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC
Provider.
In OdbcHook, A privilege escalation
/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: low
Affected versions:
- Apache Airflow 2.5.0 before 2.6.2
Description:
In Apache Airflow, some potentially sensitive values were being shown to the
user in certain situations.
This vulnerability is mitigated by the fact configuration is not shown in the
UI by default (only
here for more details:
https://airflow.apache.org/docs/apache-airflow/2.6.2/release_notes.html
Container images are published at:
https://hub.docker.com/r/apache/airflow/tags/?page=1=2.6.2
Cheers,
Elad Kalif
://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
Severity: low
Affected versions:
- Apache Airflow CNCF Kubernetes Provider 5.0.0 through 6.1.0
Description:
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version
5.0.0 allows user to change xcom sidecar image and resources via Airflow
connection.
In order to exploit
/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
from the PyPI packages.
Cheers,
Elad Kalif
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-airflow-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-providers/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
/installing-from-sources
You can install the providers via PyPI:
https://airflow.apache.org/docs/apache-airflow-providers/installing-from-pypi
The documentation is available at https://airflow.apache.org/docs/ and linked
from the PyPI packages.
Cheers,
Elad Kalif
-pypi
The documentation is available at https://airflow.apache.org/docs/ and
linked from the PyPI packages.
Cheers,
Elad Kalif
65 matches
Mail list logo