Apache · Apache Airflow Common SQL Provider · CVE-2025-30473
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow Common SQL Provider versions prior to 1.24.1
**Description**
The Apache Airflow Common SQL Provider contains an SQL injection vulnerability. An authenticated UI user can inject arbitrary SQL commands when triggering a DAG, potentially escalating privileges to execute commands they would not normally be permitted to run.
**Recommendations**
If you are running a version prior to 1.24.1, upgrade to version 1.24.1 to fix the issue. As a temporary workaround, consider restricting access to the SQLTableCheckOperator and limiting the exposure of the partition clause to users. Avoid using the partition clause in SQLTableCheckOperator as a parameter to minimize the risk of exploitation.
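
One way to audit for the workaround above, as an added example that is not part of the advisory or of the Airflow project: it parses DAG source with Python's `ast` module and flags `SQLTableCheckOperator` calls whose `partition_clause` is templated from trigger-time input or built dynamically, and includes a version check against 1.24.1. The helper names, the `params` / `dag_run.conf` template patterns it looks for, and the sample DAG are constructed for illustration.

```python
import ast
import re

FIXED = (1, 24, 1)  # first fixed provider version, per the advisory
# Jinja expressions that pull trigger-time user input into a templated field
USER_INPUT = re.compile(r"\{\{.*?\b(params|dag_run\.conf)\b.*?\}\}", re.S)

def is_vulnerable_version(version: str) -> bool:
    """True if a provider version string is older than 1.24.1."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED

def find_risky_partition_clauses(source: str, filename: str = "<dag>"):
    """Return sorted (line, reason) pairs for SQLTableCheckOperator calls
    whose partition_clause is not a fixed string literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "SQLTableCheckOperator":
            continue
        for kw in node.keywords:
            if kw.arg != "partition_clause":
                continue
            val = kw.value
            if isinstance(val, ast.Constant):
                if isinstance(val.value, str) and USER_INPUT.search(val.value):
                    findings.append((val.lineno, "template reads trigger-time input"))
            else:  # f-string, variable, call, concatenation, ...
                findings.append((val.lineno, "built dynamically; review where the value comes from"))
    return sorted(findings)

# Constructed sample DAG source; it is parsed only, never executed.
SAMPLE_DAG = '''from airflow.providers.common.sql.operators.sql import SQLTableCheckOperator
checks = {"row_count_check": {"check_statement": "COUNT(*) > 0"}}
fixed = SQLTableCheckOperator(task_id="fixed", table="orders", checks=checks,
                              partition_clause="region = 'EU'")
templated = SQLTableCheckOperator(task_id="templated", table="orders", checks=checks,
                                  partition_clause="{{ params.partition }}")
built = SQLTableCheckOperator(task_id="built", table="orders", checks=checks,
                              partition_clause=make_clause())
'''

if __name__ == "__main__":
    for line, reason in find_risky_partition_clauses(SAMPLE_DAG):
        print(f"line {line}: {reason}")
```

A clean result does not replace the upgrade: the scan only sees clauses written directly in the operator call, so values routed through variables or helper functions are reported for manual review rather than judged.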