cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-39553,https://securityvulnerability.io/vulnerability/CVE-2023-39553,Apache Airflow Drill Provider Arbitrary File Read Vulnerability,Apache Airflow Drill Provider suffers from an improper input validation flaw that enables attackers to send malicious parameters during the connection setup with DrillHook. This exploitation can lead to unauthorized file access on the Airflow server. It is crucial to update to version 2.4.3 or later to safeguard against this vulnerability and maintain the integrity of your systems.,Apache,Apache Airflow Drill Provider,7.5,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-08-11T08:15:00.000Z,0
CVE-2023-28707,https://securityvulnerability.io/vulnerability/CVE-2023-28707,Airflow Apache Drill Provider Arbitrary File Read Vulnerability,"An issue has been identified in the Apache Airflow Drill Provider that allows for improper input validation, potentially leading to unexpected behavior or vulnerabilities during its operation. This affects users running versions prior to 2.3.2. It is crucial for organizations using this tool to review their implementations and apply the necessary patch to mitigate any potential security risks. For more details and updates, users can refer to the official patch and advisory from Apache.",Apache,Apache Airflow Drill Provider,7.5,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-04-07T15:15:00.000Z,0