CVE-2023-39553

EPSS 1.29%
Published 11.08.2023 08:15:09
Last modified 13.02.2025 17:16:54
Source security@apache.org
Teams watchlist Login
Open Login

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.

Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider: before 2.4.3.
It is recommended to upgrade to a version that is not affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Apache-airflow-providers-apache-drill Version < 2.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.29%	0.789

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2023/08/11/1

Patch

Third Party Advisory

Mailing List

https://github.com/apache/airflow/pull/33074

Patch

https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf

Patch

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-39553

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39553

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39553

EUVD