Vulnerabilities > CVE-2023-40272 - Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Spark
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.
Vulnerable Configurations
References
- http://www.openwall.com/lists/oss-security/2023/08/17/1
- http://www.openwall.com/lists/oss-security/2023/08/17/1
- http://www.openwall.com/lists/oss-security/2023/08/18/1
- http://www.openwall.com/lists/oss-security/2023/08/18/1
- https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7
- https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7