Apache Software Foundation Apache-airflow-providers-apache-pig (Apache Airflow Pig Provider) 1.0.1

CPE Details

Apache Software Foundation Apache-airflow-providers-apache-pig (Apache Airflow Pig Provider) 1.0.1
apache
apache-airflow-providers-apache-pig
1.0.1
2022-11-28
17h11 +00:00
2023-05-22
12h30 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:apache-airflow-providers-apache-pig:1.0.1:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

apache-airflow-providers-apache-pig

Version

1.0.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-40189 2022-11-22 00h00 +00:00 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.