apache-airflow-providers-apache-drill is vulnerable to Improper Input Validation. The vulnerability exists because the get_conn
function of drill.py
does not properly sanitize invalid characters when the host passes through the drill connection.
CPE | Name | Operator | Version |
---|---|---|---|
apache-airflow-providers-apache-drill | le | 2.3.2rc1 | |
apache-airflow-providers-apache-drill | le | 2.3.2rc1 |
www.openwall.com/lists/oss-security/2023/04/07/1
github.com/advisories/GHSA-85pf-r4c7-3j9r
github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
github.com/apache/airflow/pull/30215
lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
www.openwall.com/lists/oss-security/2023/04/07/1