HIGH 7.5
PYSEC-2026-1136
Apache Airflow Drill Provider vulnerable to improper input validation
상세
Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / apache-airflow-providers-apache-drill
최초 영향 버전:
0 수정 버전: 2.3.2 수정
pip install --upgrade 'apache-airflow-providers-apache-drill>=2.3.2' 참고
- https://nvd.nist.gov/vuln/detail/CVE-2023-28707 [ADVISORY]
- https://github.com/apache/airflow/pull/30215 [WEB]
- https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3 [WEB]
- https://github.com/apache/airflow [PACKAGE]
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml [WEB]
- https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk [WEB]
- https://www.openwall.com/lists/oss-security/2023/04/07/1 [WEB]
- http://www.openwall.com/lists/oss-security/2023/04/07/1 [WEB]
- https://pypi.org/project/apache-airflow-providers-apache-drill [PACKAGE]
- https://github.com/advisories/GHSA-85pf-r4c7-3j9r [ADVISORY]