Vulnerabilities > Apache > Apache Airflow Providers Apache Hive > 5.1.1

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-13	CVE-2023-37415	Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability. network low complexity apache CWE-20	8.8
2023-07-03	CVE-2023-35797	Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. network low complexity apache CWE-20 critical	9.8
2023-02-24	CVE-2023-25696	Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. network low complexity apache CWE-20 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.