4.11.3
4 years ago
28 days ago
Known vulnerabilities in the apache-airflow-providers-apache-spark package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data when it is installed on an Airflow deployment, an authorized user can execute arbitrary code on the Airflow node by directing it to a malicious Spark server. This is only exploitable if the user has the authorization to configure Spark hooks. Note: Administrators are advised to review their configurations to ensure that the authorization to configure Spark hooks is only granted to fully trusted users. How to fix Deserialization of Untrusted Data? Upgrade | [,4.1.3) |
Affected versions of this package are vulnerable to Improper Input Validation. A vulnerability allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. How to fix Improper Input Validation? Upgrade | [,4.1.3) |