GHSA-q57w-826p-46jr
GitHub Security Advisory
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it.
This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.
It is recommended to upgrade to a version that is not affected
Affected Packages
PyPI
apache-airflow-providers-odbc
Affected versions:
0
(fixed in 4.0.0)
PyPI
apache-airflow-providers-microsoft-mssql
Affected versions:
0
(fixed in 3.4.1)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 27, 2025 6:35 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.