apache-airflow-providers-apache-sqoop@2.0.0rc1 vulnerabilities
Provider package apache-airflow-providers-apache-sqoop for Apache Airflow
latest version
4.2.1
latest non vulnerable version
first published
4 years ago
latest version published
1 years ago
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the apache-airflow-providers-apache-sqoop package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
apache-airflow-providers-apache-sqoop is a Provider for Apache Airflow. Implements apache-airflow-providers-apache-sqoop package Affected versions of this package are vulnerable to Remote Code Execution (RCE) through the 'sqoop import --connect' function. An attacker can exploit this vulnerability to obtain server permissions and more by passing parameters with the connections. This is only exploitable if the attacker is logged in and has authorization to create/edit connections. How to fix Remote Code Execution (RCE)? Upgrade | [,4.0.0) |
apache-airflow-providers-apache-sqoop is a Provider for Apache Airflow. Implements apache-airflow-providers-apache-sqoop package Affected versions of this package are vulnerable to Improper Input Validation due to incorrect implementation of the How to fix Improper Input Validation? Upgrade | [,3.1.1) |