CVE-2023-40272

Published: Aug 17, 2023Modified: Feb 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

Affected (1)

Products: Apache: Apache Airflow Providers Apache Spark

1 product

Apache Airflow Providers Apache Spark

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Apache Airflow Providers Apache Spark	Before 4.1.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.openwall.com/lists/oss-security/2023/08/17/1

Source: security@apache.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/08/18/1

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2023/08/17/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/08/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.