GHSA-hhm6-jjf4-6pm3

Source
https://github.com/advisories/GHSA-hhm6-jjf4-6pm3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-hhm6-jjf4-6pm3/GHSA-hhm6-jjf4-6pm3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hhm6-jjf4-6pm3
Aliases
Related
Published
2025-03-19T09:30:27Z
Modified
2025-03-25T20:28:38.682161Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Apache Airflow MySQL Provider is Vulnerable to SQL Injection
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider.

When a user triggered a DAG that used the dumpsql or loadsql functions, the table parameter could be supplied from the UI and was interpolated into the generated SQL without neutralization, so a crafted value could run SQL that was not intended. This could lead to data corruption, modification, and other impacts. This issue affects Apache Airflow MySQL Provider before 6.2.0.

Users are recommended to upgrade to version 6.2.0, which fixes the issue.
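The pattern behind this advisory, shown as an added example that is not the provider's own code: a table name cannot be passed as a bound query parameter (drivers only bind values, not identifiers), so a bulk-load or bulk-dump helper that interpolates the caller's `table` string straight into the statement lets `t; DROP TABLE audit_log` become part of the SQL. The hardened variant below validates the name against a strict identifier grammar, backtick-quotes it, and binds the file path as a normal `%s` parameter. The function names, the regex and the sample payload are assumptions for illustration.

```python
import re

# Vulnerable pattern (hypothetical, mirrors the advisory's description):
# the table name is spliced into the statement verbatim, so a crafted value
# such as "t; DROP TABLE audit_log" changes what the statement does.
def build_load_sql_unsafe(table: str, tmp_file: str) -> str:
    return f"LOAD DATA LOCAL INFILE '{tmp_file}' INTO TABLE {table}"


# MySQL unquoted identifiers: ASCII letters, digits, '$' and '_', optionally
# schema-qualified (schema.table). Whitespace, ';', quotes, backticks and
# comment markers are all rejected, which is what stops injection here.
_IDENT = re.compile(r"^[A-Za-z0-9_$]+(\.[A-Za-z0-9_$]+)?$")


def validate_table_name(table: str) -> str:
    """Return the name unchanged if it is a plain identifier, else raise."""
    if not _IDENT.fullmatch(table):
        raise ValueError(f"invalid table name: {table!r}")
    return table


def quote_identifier(name: str) -> str:
    """Backtick-quote each dotted part (doubling any embedded backtick)."""
    return ".".join("`" + part.replace("`", "``") + "`" for part in name.split("."))


def build_load_sql_safe(table: str, tmp_file: str) -> tuple[str, tuple]:
    """Hardened LOAD DATA: identifier validated + quoted, path bound as %s."""
    ident = quote_identifier(validate_table_name(table))
    return f"LOAD DATA LOCAL INFILE %s INTO TABLE {ident}", (tmp_file,)


def build_dump_sql_safe(table: str, tmp_file: str) -> tuple[str, tuple]:
    """Hardened SELECT ... INTO OUTFILE with the same protections."""
    ident = quote_identifier(validate_table_name(table))
    return f"SELECT * INTO OUTFILE %s FROM {ident}", (tmp_file,)


if __name__ == "__main__":
    payload = "t; DROP TABLE audit_log"  # constructed malicious table parameter
    print("unsafe:", build_load_sql_unsafe(payload, "/tmp/rows.csv"))
    print("safe:  ", build_load_sql_safe("airflow.users", "/tmp/rows.csv"))
    try:
        build_load_sql_safe(payload, "/tmp/rows.csv")
    except ValueError as exc:
        print("rejected:", exc)
```

The `(sql, params)` tuple is meant to be handed to a DB-API cursor as `cursor.execute(sql, params)`; with MySQLdb or mysql-connector the `%s` placeholder is filled by the driver, so the file path is never string-formatted either. An allow-list regex is deliberately tighter than what MySQL permits in backticks (it does not admit Unicode or spaces), which is the right trade-off for a parameter that reaches the hook from a DAG run.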

Database specific
{
    "github_reviewed_at": "2025-03-19T15:48:17Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "nvd_published_at": "2025-03-19T09:15:14Z",
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

PyPI / apache-airflow-providers-mysql

Package

Name
apache-airflow-providers-mysql
Purl
pkg:pypi/apache-airflow-providers-mysql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
6.2.0

Affected versions

1.*

1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.0.1rc1
1.0.1
1.0.2rc1
1.0.2
1.1.0rc1
1.1.0

2.*

2.0.0rc1
2.0.0rc2
2.0.0
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.2.0rc1
2.2.0rc2
2.2.0
2.2.1rc1
2.2.1
2.2.2rc1
2.2.2
2.2.3rc1
2.2.3

3.*

3.0.0rc1
3.0.0rc2
3.0.0
3.1.0rc1
3.1.0
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0
3.2.1rc1
3.2.1
3.3.0rc1
3.3.0
3.4.0rc2
3.4.0rc3
3.4.0

4.*

4.0.0rc1
4.0.0
4.0.1rc1
4.0.1
4.0.2rc1
4.0.2

5.*

5.0.0rc1
5.0.0
5.1.0rc1
5.1.0rc2
5.1.0
5.1.1rc1
5.1.1
5.2.0rc1
5.2.0
5.2.1rc1
5.2.1
5.3.0rc1
5.3.0
5.3.1rc1
5.3.1
5.4.0rc1
5.4.0
5.5.0rc1
5.5.0
5.5.1rc1
5.5.1
5.5.2rc1
5.5.2rc2
5.5.2
5.5.3rc1
5.5.3
5.5.4rc1
5.5.4
5.6.0rc1
5.6.0
5.6.1rc1
5.6.1
5.6.2rc1
5.6.2
5.6.3rc1
5.6.3
5.7.0rc1
5.7.0
5.7.1rc1
5.7.1
5.7.2rc1
5.7.2
5.7.3rc1
5.7.3
5.7.4rc1
5.7.4

6.*

6.0.0rc1
6.0.0rc2
6.0.0
6.1.0rc1
6.1.0
6.2.0rc1