CVE-2022-46421

CVE-2022-46421: Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params

Vendor Apache Software Foundation

Product Apache Airflow Hive Provider

Weakness CWE-77

Published December 20, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.

Key dates

Disclosure timeline

December 20, 2022 CVE published

April 16, 2025 Record updated