{"vulnerability": "CVE-2023-35797", "sightings": [{"uuid": "1b9a26e3-c61b-4c29-92c4-2733276ec201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37415\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\ud83d\udccf Published: 2023-07-13T09:30:28Z\n\ud83d\udccf Modified: 2025-02-13T19:00:55Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37415\n2. https://github.com/apache/airflow\n3. https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k\n4. http://www.openwall.com/lists/oss-security/2023/07/12/3", "creation_timestamp": "2025-02-13T19:21:09.000000Z"}, {"uuid": "12eb277f-7680-4ed5-8fc2-e908a660440a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "seen", "source": "https://t.me/cibsecurity/65857", "content": "\u203c CVE-2023-35797 \u203c\n\nImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. 
For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-03T14:22:26.000000Z"}]}