HIGH 7.5
PYSEC-2026-1136
Apache Airflow Drill Provider vulnerable to improper input validation
Details
Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / apache-airflow-providers-apache-drill
Introduced in:
0 Fixed in: 2.3.2 Fix
pip install --upgrade 'apache-airflow-providers-apache-drill>=2.3.2' References
- https://nvd.nist.gov/vuln/detail/CVE-2023-28707 [ADVISORY]
- https://github.com/apache/airflow/pull/30215 [WEB]
- https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3 [WEB]
- https://github.com/apache/airflow [PACKAGE]
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml [WEB]
- https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk [WEB]
- https://www.openwall.com/lists/oss-security/2023/04/07/1 [WEB]
- http://www.openwall.com/lists/oss-security/2023/04/07/1 [WEB]
- https://pypi.org/project/apache-airflow-providers-apache-drill [PACKAGE]
- https://github.com/advisories/GHSA-85pf-r4c7-3j9r [ADVISORY]