Date: Fri, 07 Apr 2023 14:01:28 +0000 From: Jarek Potiuk <potiuk@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Severity: low Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. Credit: Xie Jianming of Nsfocus (finder) References: https://github.com/apache/airflow/pull/30223 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-28710
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.