Home > Vulnerability Database > CVE-2023-41267

Mend.io Vulnerability Database

CVE-2023-41267

Good to know:

Date: September 14, 2023

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1

Language: Python

Severity Score

7.8

Related Resources (5)

Url: https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41267

Url: https://github.com/apache/airflow/pull/33813

Url: http://www.openwall.com/lists/oss-security/2023/09/14/3

Url: https://www.mend.io/vulnerability-database/CVE-2023-41267

Severity Score

7.8

Weakness Type (CWE)

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Top Fix

Upgrade Version

Upgrade to version apache-airflow-providers-apache-hdfs - 4.1.1

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41267

Good to know:

Date: September 14, 2023

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?