CVE-2023-22884 Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow

2023-01-2113:02:49

CWE-77

apache

www.cve.org

cve-2023-22884

apache airflow

mysql provider

9.7 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Apache Airflow MySQL Provider",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "4.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]