CVE-2023-28706: Improper Control of Generation of Code ('Code Injection')

April 7, 2023

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.

References

www.openwall.com/lists/oss-security/2023/04/07/2
github.com/advisories/GHSA-5cvg-9pp5-mxcj
github.com/apache/airflow/pull/30212
lists.apache.org/thread/dl20xxd51xvlx0zzc0wzgxfjwgtbbxo3
nvd.nist.gov/vuln/detail/CVE-2023-28706

Detect and mitigate CVE-2023-28706 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →