Homepage

apache-airflow-providers-common-sql@1.9.0 vulnerabilities

Provider package apache-airflow-providers-common-sql for Apache Airflow

  • latest version

    1.26.0

  • latest non vulnerable version

    1.26.0

  • first published

    2 years ago

  • latest version published

    16 hours ago

  • licenses detected

  • View apache-airflow-providers-common-sql package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the apache-airflow-providers-common-sql package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    SQL Injection

    apache-airflow-providers-common-sql is a Provider package apache-airflow-providers-common-sql for Apache Airflow

    Affected versions of this package are vulnerable to SQL Injection via the partition_clause parameter in SQLTableCheckOperator. An attacker can escalate privileges and execute arbitrary SQL commands by manipulating the input to the partition_clause when triggering a DAG.

    Note:

    This is only exploitable if the user has authenticated access to the UI and the ability to trigger DAGs.

    How to fix SQL Injection?

    Upgrade apache-airflow-providers-common-sql to version 1.24.1 or higher.

    [,1.24.1)
    Go back to all versions of this package