Loading HuntDB...

GHSA-q57w-826p-46jr

GitHub Security Advisory

Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it.

This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.

It is recommended to upgrade to a version that is not affected

Affected Packages

PyPI apache-airflow-providers-odbc
Affected versions: 0 (fixed in 4.0.0)
PyPI apache-airflow-providers-microsoft-mssql
Affected versions: 0 (fixed in 3.4.1)

Related CVEs

Key Information

GHSA ID
GHSA-q57w-826p-46jr
Published
June 27, 2023 12:30 PM
Last Modified
July 6, 2023 4:02 PM
CVSS Score
5.0 /10
Primary Ecosystem
PyPI
Primary Package
apache-airflow-providers-odbc
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.