CVE-2023-28707: Apache Airflow Drill Provider vulnerable to improper input validation
(updated )
Apache Software Foundation’s Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized.
References
- github.com/advisories/GHSA-85pf-r4c7-3j9r
- github.com/apache/airflow
- github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
- github.com/apache/airflow/pull/30215
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
- lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
- nvd.nist.gov/vuln/detail/CVE-2023-28707
- www.openwall.com/lists/oss-security/2023/04/07/1
Detect and mitigate CVE-2023-28707 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →