Skip to main content

Apache Airflow Providers Apache Spark

3 CVEs product

Monthly

CVE-2023-40272 PyPI HIGH PATCH This Week

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-28710 PyPI HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-40954 PyPI MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Spark
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Command Injection Airflow +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy