CVE-2023-28710

Published: Apr 7, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.

Affected (1)

Products: Apache: Apache Airflow Providers Apache Spark

Apache

1 product

Apache Airflow Providers Apache Spark

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Apache Airflow Providers Apache Spark	Before 4.0.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.openwall.com/lists/oss-security/2023/04/07/3

Source: security@apache.org

Mailing ListThird Party Advisory

https://github.com/apache/airflow/pull/30223

Source: security@apache.org

Vendor Advisory

https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v5x1p1d2

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2023/04/07/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://github.com/apache/airflow/pull/30223

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v5x1p1d2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.