Apache Airflow Providers Apache Hive
By the Year
In 2024 there have been 0 vulnerabilities in Apache Airflow Providers Apache Hive . Last year Apache Airflow Providers Apache Hive had 3 security vulnerabilities published. Right now, Apache Airflow Providers Apache Hive is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 9.47 |
| 2022 | 2 | 8.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Apache Airflow Providers Apache Hive vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Airflow Providers Apache Hive Security Vulnerabilities
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider
CVE-2023-37415
8.8 - High
- July 13, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.
Improper Input Validation
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider
CVE-2023-35797
9.8 - Critical
- July 03, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.
Improper Input Validation
Improper Input Validation vulnerability in the Apache Airflow Hive Provider
CVE-2023-25696
9.8 - Critical
- February 24, 2023
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.
Improper Input Validation
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.
CVE-2022-46421
9.8 - Critical
- December 20, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.
Command Injection
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow
CVE-2022-41131
7.8 - High
- November 22, 2022
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Airflow Providers Apache Hive or by Apache? Click the Watch button to subscribe.
