Vulnerability Description
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache-Airflow-Providers-Microsoft-Mssql | < 3.4.1 |
| Apache | Apache-Airflow-Providers-Odbc | < 4.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/apache/airflow/pull/31984PatchVendor Advisory
- https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pjMailing ListVendor Advisory
- https://github.com/apache/airflow/pull/31984PatchVendor Advisory
- https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pjMailing ListVendor Advisory
FAQ
What is CVE-2023-35798?
CVE-2023-35798 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requir...
How severe is CVE-2023-35798?
CVE-2023-35798 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35798?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Apache-Airflow-Providers-Microsoft-Mssql, Apache Apache-Airflow-Providers-Odbc.