AVID-2026-R1210
Description
Sqoop Apache Airflow Provider Remote Code Execution Vulnerability (CVE-2023-25693)
Details
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
Reason for inclusion in AVID: CVE-2023-25693 is a remote code execution vulnerability in the Apache Airflow Sqoop Provider (improper input validation). Airflow is a workflow/orchestration tool frequently used to manage AI/ML data pipelines and model workflows; a vulnerability in such a component constitutes a software supply-chain issue for general-purpose AI systems. The advisory clearly states the vulnerability type, affected versions, and references, providing sufficient signal for curation.
References
- NVD entry
- https://github.com/apache/airflow/pull/29500
- https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4
Affected or Relevant Artifacts
- Developer: Apache Software Foundation
- Deployer: Apache Software Foundation
- Artifact Details:
| Type | Name |
|---|---|
| System | Apache Airflow Sqoop Provider |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CWE
| ID | Description |
|---|---|
| CWE-20 | CWE-20 Improper Input Validation |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-02-24
- Version: 0.3.3
- AVID Entry