apache-airflow-providers-apache-spark

PyPI3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting apache-airflow-providers-apache-sparkpage 1 of 1

CVE-2023-28710HIGHCVSS 7.5EG 7.5✓ Fixed in 4.0.1
2023-04-07
vulnerable: 1.0.0 ... 4.0.1rc1 (34 versions)
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.
CVE-2023-40195HIGHCVSS 8.8EG 8.8✓ Fixed in 4.1.3
2023-08-28
vulnerable: 1.0.0 ... 4.1.3rc1 (43 versions)
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, a…
CVE-2023-40272HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.3
2023-08-17
vulnerable: 1.0.0 ... 4.1.3rc1 (43 versions)
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is re…

Check whether apache-airflow-providers-apache-spark is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for apache-airflow-providers-apache-spark CVEs against the assets you own.

Start Free Scan →