Also we want to credit id_No2015429 of 3H Security Team for his reports for the same issue.
J. On Mon, Jan 23, 2023 at 12:25 PM Jarek Potiuk <pot...@apache.org> wrote: > > Also we want to credit id_No2015429 of 3H Security Team for his reports for > the same issue. > > On Sat, Jan 21, 2023 at 1:51 AM Jarek Potiuk <pot...@apache.org> wrote: >> >> Severity: important >> >> Description: >> >> Improper Neutralization of Special Elements used in a Command ('Command >> Injection') vulnerability in Apache Software Foundation Apache Airflow, >> Apache Software Foundation Apache Airflow MySQL Provider.This issue affects >> Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. >> >> Credit: >> >> Son Tran from VNPT - VCI (reporter) >> >> References: >> >> https://github.com/apache/airflow/pull/28811 >> https://airflow.apache.org/ >> https://www.cve.org/CVERecord?id=CVE-2023-22884 >>