漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow Spark Provider Arbitrary File Read via JDBC
Vulnerability Description
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache Airflow 输入验证错误漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow Spark Provider 4.1.3之前版本存在输入验证错误漏洞,该漏洞源于允许攻击者在建立连接时传入恶意参数,从而有机会读取Airflow服务器上的文件。
CVSS Information
N/A
Vulnerability Type
N/A