Lucene search
Veracode Vulnerability DatabaseVERACODE:40100HistoryApr 11, 2023 - 2:01 a.m.
Improper Input Validation
2023-04-1102:01:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
apache-airflow
apache-drill
improper input validation
software
0.002 Low
EPSS
Percentile
59.0%
apache-airflow-providers-apache-drill is vulnerable to Improper Input Validation. The vulnerability exists because the get_conn function of drill.py does not properly sanitize invalid characters when the host passes through the drill connection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-airflow-providers-apache-drill | le | 2.3.2rc1 | |
| apache-airflow-providers-apache-drill | le | 2.3.2rc1 |
References
www.openwall.com/lists/oss-security/2023/04/07/1
github.com/advisories/GHSA-85pf-r4c7-3j9r
github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
github.com/apache/airflow/pull/30215
lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
www.openwall.com/lists/oss-security/2023/04/07/1
Related
osv
osv
Apache Airflow Drill Provider vulnerable to improper input validation
2023-04-07 15:30:38
CVE-2023-28707
2023-04-07 15:15:08
PYSEC-2023-3
2023-04-07 15:15:00
github
github
Apache Airflow Drill Provider vulnerable to improper input validation
2023-04-07 15:30:38
cve
cve
CVE-2023-28707
2023-04-07 15:15:08
prion
prion
Input validation
2023-04-07 15:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-28707
2023-04-07 15:15:08