Re: CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypasses restrictions to read arbitrary files

2022-11-21 Thread Jarek Potiuk
Just to add severity: moderate. On Mon, Nov 21, 2022 at 9:41 PM Jarek Potiuk wrote:
> Description:
> Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read

CVE-2022-41131: Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)

2022-11-21 Thread Jarek Potiuk
Severity: moderate Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG

CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypasses restrictions to read arbitrary files

2022-11-21 Thread Jarek Potiuk
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects

CVE-2022-40189: Apache Airflow Pig Provider RCE

2022-11-21 Thread Jarek Potiuk
Severity: moderate Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG

CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection

2022-11-21 Thread Jarek Potiuk
Severity: moderate Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG

[ANNOUNCE] Apache Solr 9.1.0 released

2022-11-21 Thread Ishan Chattopadhyaya
The Solr PMC is pleased to announce the release of Apache Solr 9.1.0. Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Solr project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database

[ANNOUNCEMENT] HttpComponents Client 5.1.4 GA Released

2022-11-21 Thread Oleg Kalnichevski
The Apache HttpComponents project is pleased to announce 5.1.4 GA release of HttpComponents HttpClient. This release upgrades HttpCore to the latest 5.1 version and fixes several issues found since release 5.1.3. This is likely to be the last release in the 5.1 release series. Users of

CVE-2022-45470: Apache Hama allows XSS and information disclosure

2022-11-21 Thread Arnout Engelen
Description: ** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. Credit: Apache would like to thank QSec-Team for reporting this issue