Vulnerability	Vulnerable Version
M SQL Injection apache-airflow-providers-mysql is a provider for Apache Airflow Affected versions of this package are vulnerable to SQL Injection through the `dump_sql()` or `load_sql()` functions. A user can inject DML into a table parameter from the UI on a DAG that uses one of these functions. How to fix SQL Injection? Upgrade `apache-airflow-providers-mysql` to version 6.2.0rc1 or higher.	[,6.2.0rc1)
C Command Injection apache-airflow-providers-mysql is a provider for Apache Airflow Affected versions of this package are vulnerable to Command Injection due to lack of sanitization of input to the `LOAD DATA LOCAL INFILE` statement, which can be used by an attacker to execute commands on the operating system. How to fix Command Injection? Upgrade `apache-airflow-providers-mysql` to version 4.0.0 or higher.	[,4.0.0)

SQL Injection

apache-airflow-providers-mysql is a provider for Apache Airflow

Affected versions of this package are vulnerable to SQL Injection through the dump_sql() or load_sql() functions. A user can inject DML into a table parameter from the UI on a DAG that uses one of these functions.

How to fix SQL Injection?

Upgrade apache-airflow-providers-mysql to version 6.2.0rc1 or higher.

[,6.2.0rc1)

Command Injection

apache-airflow-providers-mysql is a provider for Apache Airflow

Affected versions of this package are vulnerable to Command Injection due to lack of sanitization of input to the LOAD DATA LOCAL INFILE statement, which can be used by an attacker to execute commands on the operating system.

How to fix Command Injection?

Upgrade apache-airflow-providers-mysql to version 4.0.0 or higher.

[,4.0.0)

Go back to all versions of this package