PyPI package

apache-airflow-providers-apache-sqoop

pkg:pypi/apache-airflow-providers-apache-sqoop

Vulnerabilities (2)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2023-27604		—		< 4.0.0	4.0.0	Aug 28, 2023	Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker n
CVE-2023-25693		—		< 3.1.1	3.1.1	Feb 24, 2023	Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.

CVE-2023-27604Aug 28, 2023
affected < 4.0.0fixed 4.0.0
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker n
CVE-2023-25693Feb 24, 2023
affected < 3.1.1fixed 3.1.1
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.