Just to add severity: moderate.
On Mon, Nov 21, 2022 at 9:41 PM Jarek Potiuk wrote:
>
> Description:
>
> Improper Neutralization of Special Elements used in an OS Command ('OS
> Command Injection') vulnerability in Apache Airflow Spark Provider, Apache
> Airflow allows an attacker to read
Severity: moderate
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow
allows an attacker to execute arbtrary commands in the task execution context,
without write access to DAG
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow
allows an attacker to read arbtrary files in the task execution context,
without write access to DAG files. This issue affects
Severity: moderate
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows
an attacker to control commands executed in the task execution context, without
write access to DAG
Severity: moderate
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow
allows an attacker to control commands executed in the task execution context,
without write access to DAG
The Solr PMC is pleased to announce the release of Apache Solr 9.1.0.
Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Solr project. Its major features include powerful
full-text search, hit highlighting, faceted search, dynamic
clustering, database
The Apache HttpComponents project is pleased to announce 5.1.4 GA
release of HttpComponents HttpClient.
This release upgrades HttpCore to the latest 5.1 version and fixes
several issues found since release 5.1.3.
This is likely to be the last release in the 5.1 release series. Users
of
Description:
** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may
cause information disclosure through path traversal and XSS. Since Apache Hama
is EOL, we do not expect these issues to be fixed.
Credit:
Apache would like to thank QSec-Team for reporting this issue