CVE-2023-35797

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 3, 2023

Updated: Jul 13, 2023

CWE ID 20

Summary

CVE-2023-35797: A critical vulnerability has been identified in the Apache Software Foundation's Apache Airflow Hive Provider. This issue, which affects versions before 6.1.1, involves improper input validation leading to Remote Code Execution (RCE) via the principal parameter. To exploit this vulnerability, an attacker must have access to modify connection details. It is strongly advised to update the provider version to 6.1.1 to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rr4z6O
https://www.cve.org/CVERecord?id=CVE-2023-35797
https://nvd.nist.gov/vuln/detail/CVE-2023-35797

Back to Vulnerability Database

CVE-2023-35797

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations