216.73.216.75

CVE-2025-27018

· Published 19/03/2025 09:15 · Modified 19/03/2025 19:15

Labels: CVE-2025-27018 2025-03-19CVE-2025-27018CWE-89[email protected]

Essential information

Published
19/03/2025 09:15
Modified
19/03/2025 19:15
Author
Creator
CISA KEV
No
CWE

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended. It could lead to data corruption, modification and others. This issue affects Apache Airflow MySQL Provider: before 6.2.0. Users are recommended to upgrade to version 6.2.0, which fixes the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / airflow mysql provider cpe:2.3:a:apache:airflow_mysql_provider:*:*:*:*:*:*:*:*

References