all InfoSec news
CVE-2023-35797 (apache-airflow-providers-apache-hive)
July 3, 2023, 10:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.
Before version 6.1.1 it was possible to bypass the security check to RCE via
principal parameter. For this to be exploited it requires access to modifying the connection details.
It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.
access airflow apache apache software foundation bypass check cve exploited foundation hive input input validation issue parameter rce security software validation version vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Financial Crimes Compliance - Senior - Consulting - Location Open
@ EY | New York City, US, 10001-8604
Software Engineer - Cloud Security
@ Neo4j | Malmö
Security Consultant
@ LRQA | Singapore, Singapore, SG, 119963
Identity Governance Consultant
@ Allianz | Sydney, NSW, AU, 2000
Educator, Cybersecurity
@ Brain Station | Toronto
Principal Security Engineer
@ Hippocratic AI | Palo Alto