ByteOS Network

NVD Vulnerability Details :

CVE-2023-39553

Modified

Source-security@apache.org

Published At-11 Aug, 2023 | 08:15

Updated At-13 Feb, 2025 | 17:16

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

The Apache Software Foundation

>>apache-airflow-providers-apache-drill>>Versions before 2.4.3(exclusive)

cpe:2.3:a:apache:apache-airflow-providers-apache-drill:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	security@apache.org

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2023/08/11/1	security@apache.org	Mailing List Patch Third Party Advisory
https://github.com/apache/airflow/pull/33074	security@apache.org	Patch
https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf	security@apache.org	Mailing List Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/08/11/1	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
https://github.com/apache/airflow/pull/33074	af854a3a-2127-422b-91ae-364da2661108	Patch
https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History