apache-airflow-providers-apache-spark@2.1.3 vulnerabilities
Provider package apache-airflow-providers-apache-spark for Apache Airflow
latest version
4.11.3
latest non vulnerable version
first published
4 years ago
latest version published
28 days ago
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the apache-airflow-providers-apache-spark package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data when it is installed on an Airflow deployment, an authorized user can execute arbitrary code on the Airflow node by directing it to a malicious Spark server. This is only exploitable if the user has the authorization to configure Spark hooks. Note: Administrators are advised to review their configurations to ensure that the authorization to configure Spark hooks is only granted to fully trusted users. How to fix Deserialization of Untrusted Data? Upgrade | [,4.1.3) |
Affected versions of this package are vulnerable to Improper Input Validation. A vulnerability allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. How to fix Improper Input Validation? Upgrade | [,4.1.3) |
Affected versions of this package are vulnerable to Improper Input Validation because the host and schema of JDBC Hook can contain How to fix Improper Input Validation? Upgrade | [,4.0.1) |
Affected versions of this package are vulnerable to OS Command Injection which allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. How to fix OS Command Injection? Upgrade | [,4.0.0) |