Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Apache Airflow HDFS Provider by Apache Software Foundation
CVE-2023-41267 (GCVE-0-2023-41267)
Vulnerability from nvd – Published: 2023-09-14 07:46 – Updated: 2025-02-13 17:09
VLAI?
Title
Apache HDFS Provider error message suggested installation of incorrect pip package
Summary
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1
Severity ?
No CVSS data available.
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow HDFS Provider |
Affected:
0 , < 4.1.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:05.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/airflow/pull/33813"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/14/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:airflow_hdfs_provider:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "airflow_hdfs_provider",
"vendor": "apache",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:21:31.272359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:23:52.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org/",
"defaultStatus": "unaffected",
"packageName": "apache-airflow-providers-apache-hdfs",
"product": "Apache Airflow HDFS Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AnupamAs01"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation\u0026nbsp;info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation\u00a0info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1"
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-14T17:06:14.082Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/33813"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/14/3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache HDFS Provider error message suggested installation of incorrect pip package",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-41267",
"datePublished": "2023-09-14T07:46:42.191Z",
"dateReserved": "2023-08-27T21:27:41.472Z",
"dateUpdated": "2025-02-13T17:09:00.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41267 (GCVE-0-2023-41267)
Vulnerability from cvelistv5 – Published: 2023-09-14 07:46 – Updated: 2025-02-13 17:09
VLAI?
Title
Apache HDFS Provider error message suggested installation of incorrect pip package
Summary
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1
Severity ?
No CVSS data available.
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow HDFS Provider |
Affected:
0 , < 4.1.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:05.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/airflow/pull/33813"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/14/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:airflow_hdfs_provider:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "airflow_hdfs_provider",
"vendor": "apache",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:21:31.272359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:23:52.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org/",
"defaultStatus": "unaffected",
"packageName": "apache-airflow-providers-apache-hdfs",
"product": "Apache Airflow HDFS Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AnupamAs01"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation\u0026nbsp;info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation\u00a0info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1"
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-14T17:06:14.082Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/33813"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/14/3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache HDFS Provider error message suggested installation of incorrect pip package",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-41267",
"datePublished": "2023-09-14T07:46:42.191Z",
"dateReserved": "2023-08-27T21:27:41.472Z",
"dateUpdated": "2025-02-13T17:09:00.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}