Security Advisory

CVE-2023-40272

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-17 13:52:30

Last updated 2025-02-13 17:07:44

Assigner apache

State PUBLISHED

Description

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

← Browse all CVEs View on cve.org ↗