CVE-2023-22886 (apache-airflow-providers-jdbc)

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider.
Airflow JDBC Provider Connection’s [Connection URL] parameters had no
restrictions, which made it possible to implement RCE attacks via
different type JDBC drivers, obtain airflow server permission.
This issue affects Apache Airflow JDBC Provider: before 4.0.0.

airflow apache apache software foundation attacks cve drivers foundation input input validation issue jdbc permission rce restrictions server software url validation vulnerability