cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37415,https://securityvulnerability.io/vulnerability/CVE-2023-37415,Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user,"An improper input validation vulnerability exists in the Apache Airflow Apache Hive Provider prior to version 6.1.2, allowing user-controlled input to potentially inject unintended commands. Specifically, the proxy_user option is susceptible to injection of a semicolon, which can lead to further exploitation. It is critical for users to update to version 6.1.2 or later to mitigate this risk and maintain secure operations.",Apache,Apache Airflow Apache Hive Provider,8.8,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-07-13T08:15:00.000Z,0
CVE-2023-35797,https://securityvulnerability.io/vulnerability/CVE-2023-35797,Apache Airflow Hive Provider Beeline RCE with Principal,"The Apache Airflow Hive Provider prior to version 6.1.1 contains an improper input validation vulnerability that allows an attacker to bypass security checks and potentially execute remote code through the manipulation of the principal parameter. This exploit requires access to modify connection details, highlighting the importance of securing these configurations. To mitigate this risk, it is crucial to update to version 6.1.1 or later.",Apache,Apache Airflow Apache Hive Provider,9.8,CRITICAL,0.0032999999821186066,false,,false,false,false,,,false,false,,2023-07-03T10:15:00.000Z,0
CVE-2023-28706,https://securityvulnerability.io/vulnerability/CVE-2023-28706,Apache Airflow Hive Provider Beeline Remote Command Execution,"A vulnerability exists in the Apache Airflow Hive Provider, where improper control during code generation could lead to code injection attacks. This can enable unauthorized actions and manipulation of input data by malicious actors, potentially compromising the integrity of the application. Users are advised to upgrade to version 6.0.0 or later to mitigate this risk.",Apache,Apache Airflow Hive Provider,9.8,CRITICAL,0.01616000011563301,false,,false,false,false,,,false,false,,2023-04-07T15:15:00.000Z,0
CVE-2023-25696,https://securityvulnerability.io/vulnerability/CVE-2023-25696,Apache Airflow Hive Provider Beeline RCE,"The Apache Airflow Hive Provider contains a vulnerability due to improper input validation, potentially allowing an attacker to exploit the system. This issue specifically affects versions prior to 5.1.3. Users are advised to upgrade to the latest version to mitigate this risk and enhance the overall security posture of their applications.",Apache,Apache Airflow Hive Provider,9.8,CRITICAL,0.0026000000070780516,false,,false,false,false,,,false,false,,2023-02-24T12:15:00.000Z,0
CVE-2022-46421,https://securityvulnerability.io/vulnerability/CVE-2022-46421,Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params,"Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0.",Apache,Apache Airflow Hive Provider,9.8,CRITICAL,0.009879999794065952,false,,false,false,false,,,false,false,,2022-12-20T10:20:39.431Z,0
CVE-2022-41131,https://securityvulnerability.io/vulnerability/CVE-2022-41131,Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection),"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",Apache,"Apache Airflow Hive Provider,Apache Airflow",7.8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0