Apache: >> Apache-Airflow-Providers-Apache-Spark >> 4.0.0 Security Vulnerabilities
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.
It is recommended to upgrade to a version that is not affected.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-08-17
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-04-07