Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Apache-airflow-providers-apache-spark | Apache | * | 4.1.3 (excluding) |