CVE-2023-37415

Published: Jul 13, 2023Modified: Feb 13, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.

Affected (1)

Products: Apache: Apache Airflow Providers Apache Hive

1 product

Apache Airflow Providers Apache Hive

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Apache Airflow Providers Apache Hive	Before 6.1.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.openwall.com/lists/oss-security/2023/07/12/3

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2023/07/12/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.