CVE-2023-22884

CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-77

Published January 21, 2023

Last update March 31, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Key dates

Disclosure timeline

January 21, 2023 CVE published

March 31, 2025 Record updated

Identifiers

CVE CVE-2023-22884

CWE CWE-77

Affected versions

Vendor Apache Software Foundation

Product Apache Airflow

Affected < 2.5.1

Vendor Apache Software Foundation

Product Apache Airflow MySQL Provider

Affected < 4.0.0