CVE-2023-22886: Improper Input Validation

June 29, 2023 (updated July 6, 2023)

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

References

lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3
nvd.nist.gov/vuln/detail/CVE-2023-22886

Detect and mitigate CVE-2023-22886 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →