cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-27604,https://securityvulnerability.io/vulnerability/CVE-2023-27604,Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability,"The Apache Airflow Sqoop Provider prior to version 4.0.0 possesses a vulnerability that allows an authenticated attacker to exploit connection parameters, which can lead to remote code execution (RCE) through the 'sqoop import --connect' command. This vulnerability requires the attacker to be logged in and possess permissions to create or edit connections, enabling potential unauthorized access to Airflow server permissions. It is crucial to upgrade to a non-affected version to mitigate this risk. Reports regarding this issue were made by members of independent security teams.",Apache,Apache Airflow Sqoop Provider,8.8,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-08-28T08:15:00.000Z,0
CVE-2023-25693,https://securityvulnerability.io/vulnerability/CVE-2023-25693,Sqoop Apache Airflow Provider Remote Code Execution Vulnerability,"An improper input validation vulnerability exists in the Apache Airflow Sqoop Provider, which can allow attackers to exploit the system. This issue impacts versions prior to 3.1.1, highlighting the need for immediate updates to secure your environment.",Apache,Apache Airflow Sqoop Provider,9.8,CRITICAL,0.0026000000070780516,false,,false,false,false,,,false,false,,2023-02-24T12:15:00.000Z,0