Vulnerabilities > Apache > Apache Airflow Providers Apache Spark > 4.0.1

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-17	CVE-2023-40272	Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Spark Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. network low complexity apache	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.