VDB
KO
HIGH 7.5

PYSEC-2026-1136

Apache Airflow Drill Provider vulnerable to improper input validation

Details

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / apache-airflow-providers-apache-drill
Introduced in: 0 Fixed in: 2.3.2
Fix pip install --upgrade 'apache-airflow-providers-apache-drill>=2.3.2'

References