CRITICAL 9.8
PYSEC-2026-274
Apache Airflow Hive Provider vulnerable to Command Injection
Details
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider before 5.0.0.
Affected packages
PyPI / apache-airflow-providers-apache-hive
Introduced in: 0
Fixed in: 5.0.0
Fix
pip install --upgrade 'apache-airflow-providers-apache-hive>=5.0.0'
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-46421 [ADVISORY]
- https://github.com/apache/airflow/pull/28101 [WEB]
- https://github.com/apache/airflow [PACKAGE]
- https://lists.apache.org/thread/09twdoyoybldlfj5gvk0qswtofh0rmp4 [WEB]
- https://pypi.org/project/apache-airflow-providers-apache-hive [PACKAGE]
- https://github.com/advisories/GHSA-rc58-qr9j-cpgw [ADVISORY]