CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability

Vendor: Apache Software Foundation
Product: Apache Airflow Drill Provider
Weakness: CWE-20 · Input validation
Published: August 11, 2023
Last update: February 13, 2025

What the vulnerability does

01 Description

An improper input validation vulnerability in the Apache Software Foundation's Apache Airflow Drill Provider allows an attacker to pass in malicious parameters when establishing a connection with DrillHook, giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider versions before 2.4.3. It is recommended to upgrade to a version that is not affected.
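To find affected installs, the following added example (not part of the advisory or of the Airflow project's code) audits a requirements file or `pip freeze` output against the 2.4.3 threshold stated above. The PyPI distribution name `apache-airflow-providers-apache-drill` is an assumption not given on this page, and the sample input is constructed.

```python
import re

# Assumption: PyPI distribution name of the Drill provider (not given on the page).
PACKAGE = "apache-airflow-providers-apache-drill"
FIXED = (2, 4, 3)  # per the advisory, versions before 2.4.3 are affected


def normalize(name):
    """PEP 503 normalization so case and '_' / '.' variants still match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def classify(spec):
    """Return 'affected', 'fixed' or 'unpinned' for one version specifier."""
    pin = re.fullmatch(r"==\s*(\d+(?:\.\d+)*)(.*)", spec)
    if not pin or "*" in spec or "," in spec:
        return "unpinned"  # ranges and wildcards may resolve to an old release
    release = tuple(int(p) for p in pin.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))
    # A pre-release of the fixed version (e.g. 2.4.3rc1) sorts before 2.4.3.
    prerelease = re.match(r"\.?(a|b|rc|dev)", pin.group(2), re.I) is not None
    if release < FIXED or (release == FIXED and prerelease):
        return "affected"
    return "fixed"


def audit(requirements_text):
    """Return (line_number, line, status) for each Drill provider requirement."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)", line)
        if m and normalize(m.group(1)) == PACKAGE:
            findings.append((number, line, classify(m.group(2).strip())))
    return findings


# Constructed sample input (not from the page).
SAMPLE = """\
apache-airflow==2.6.3
apache_airflow_providers_apache_drill==2.4.2   # old pin
Apache-Airflow-Providers-Apache-Drill==2.4.3rc1
apache-airflow-providers-apache-drill>=2.0
apache-airflow-providers-apache-drill==2.4.3 ; python_version >= "3.8"
"""

if __name__ == "__main__":
    for number, line, status in audit(SAMPLE):
        print(f"line {number}: {status:9} {line}")
```

Entries reported as `unpinned` need the resolved version checked in the deployed environment, since a range such as `>=2.0` can still install an affected release.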

Key dates

02 Disclosure timeline

August 11, 2023: CVE published
February 13, 2025: Record updated