Vulnerability CVE-2023-35798


Published: 2023-06-27

Description:
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it.

This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.

It is recommended to upgrade to a version that is not affected

Type:

CWE-20

(Improper Input Validation)

 References:
https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pj
https://github.com/apache/airflow/pull/31984

Copyright 2026, cxsecurity.com

 

Back to Top