Apache Vulnerabilities

This vulnerability allows an attacker with access to the database to run unauthorized code, effectively giving them the same permissions as the original creator of workflows in Airflow. While direct access to the database is uncommon and not recommended, upgrading to version 6.0.0 of the provider is essential to eliminate this risk.

This vulnerability allows an attacker to access sensitive information from client configuration files that are improperly logged in Apache ZooKeeper, potentially exposing critical data in production environments. It affects versions 3.8.5 and 3.9.4, so users should upgrade to the latest versions to protect against this issue.

This vulnerability allows attackers to impersonate ZooKeeper servers or clients by controlling or spoofing reverse DNS records, potentially tricking systems into trusting them. However, the attacker must also present a valid certificate that is recognized by the system, making it more challenging to exploit.

This vulnerability allows an attacker to send specially crafted messages to an Apache ActiveMQ broker, potentially causing it to misinterpret the data and behave unexpectedly. It can occur after a user has successfully logged in, but only affects brokers that are using MQTT transport connectors.

This vulnerability allows an authenticated user with access to SQLLab in Apache Superset to bypass restrictions and execute unauthorized data manipulation commands on a PostgreSQL database, even though the system is supposed to prevent such actions. To exploit this, the attacker must have valid credentials and access to the SQLLab feature before the software is updated to version 6.0.0, which fixes the issue.

This vulnerability allows a low-privileged user to access unauthorized data by manipulating existing datasets in Apache Superset. An attacker needs to have permission to create datasets and read charts, which lets them overwrite SQL queries and bypass data access controls.

This vulnerability allows a user with high-level permissions in Apache Airflow to execute arbitrary code on the web server by manipulating the database, particularly when viewing historical task logs. To mitigate this risk, users should upgrade to Airflow 3 or disable the log template history feature, which is turned off by default in version 2.11.1.

This vulnerability allows an attacker to execute arbitrary code on a server running Apache Camel if they can write to the LevelDB database files used by the application. This means that if an attacker has access to modify these files, they can inject malicious code that runs when the application processes the data, potentially compromising the entire system.

An attacker can crash an application by sending it corrupted data when using the Apache Avro Rust SDK, which can disrupt services and lead to downtime. This vulnerability affects versions prior to 0.14.0, so users should upgrade to the latest version to protect against this issue.