CVE-2023-35797

Name of the Vulnerable Software and Affected Versions Apache Airflow Hive Provider versions prior to 6.1.1

Description The issue is related to improper input validation, which allows bypassing a security check, potentially leading to remote code execution (RCE) via the principal parameter. This can be exploited if an attacker has access to modify connection details.

Recommendations For versions prior to 6.1.1, update the provider version to 6.1.1 to avoid this issue. As a temporary workaround, consider restricting access to modifying connection details to minimize the risk of exploitation.