漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow ODBC Provider: Remote code execution vulnerability
Vulnerability Description
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.
CVSS Information
N/A
Vulnerability Type
参数注入或修改
Vulnerability Title
Apache Airflow 参数注入漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow ODBC Provider 4.0.0 之前版本存在参数注入漏洞,该漏洞源于在OdbcHook中,由于ODBC驱动程序允许加载任意动态链接库,从而导致命令执行。
CVSS Information
N/A
Vulnerability Type
N/A