Apache - Apache-airflow-providers-apache-spark CVE

Filtered by vendor Apache Subscribe

Filtered by product Apache-airflow-providers-apache-spark

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-40272	1 Apache	1 Apache-airflow-providers-apache-spark	2023-08-24	N/A	7.5 HIGH
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

Vulnerabilities (CVE)