PyPI package
apache-airflow-providers-apache-spark
pkg:pypi/apache-airflow-providers-apache-spark
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40195 | — | < 4.1.3 | 4.1.3 | Aug 28, 2023 | Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to conf | ||
| CVE-2023-40272 | — | < 4.1.3 | 4.1.3 | Aug 17, 2023 | Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is | ||
| CVE-2023-28710 | — | < 4.0.1 | 4.0.1 | Apr 7, 2023 | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. |
- CVE-2023-40195Aug 28, 2023affected < 4.1.3fixed 4.1.3
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to conf
- CVE-2023-40272Aug 17, 2023affected < 4.1.3fixed 4.1.3
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is
- CVE-2023-28710Apr 7, 2023affected < 4.0.1fixed 4.0.1
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.