High severityNVD Advisory· Published Jun 29, 2023· Updated Oct 7, 2024
Apache Airflow JDBC Provider: RCE Vulnerability
CVE-2023-22886
Description
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflow-providers-jdbcPyPI | < 4.0.0 | 4.0.0 |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-mm87-c3x2-6f89ghsaADVISORY
- lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-22886ghsaADVISORY
News mentions
0No linked articles in our index yet.