<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-11T19:43:14.928439+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1b9a26e3-c61b-4c29-92c4-2733276ec201/export</id>
    <title>1b9a26e3-c61b-4c29-92c4-2733276ec201</title>
    <updated>2026-07-11T19:43:14.950534+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1b9a26e3-c61b-4c29-92c4-2733276ec201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37415\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\ud83d\udccf Published: 2023-07-13T09:30:28Z\n\ud83d\udccf Modified: 2025-02-13T19:00:55Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37415\n2. https://github.com/apache/airflow\n3. https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k\n4. http://www.openwall.com/lists/oss-security/2023/07/12/3", "creation_timestamp": "2025-02-13T19:21:09.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1b9a26e3-c61b-4c29-92c4-2733276ec201/export"/>
    <published>2025-02-13T19:21:09+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/12eb277f-7680-4ed5-8fc2-e908a660440a/export</id>
    <title>12eb277f-7680-4ed5-8fc2-e908a660440a</title>
    <updated>2026-07-11T19:43:14.952717+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "12eb277f-7680-4ed5-8fc2-e908a660440a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "seen", "source": "https://t.me/cibsecurity/65857", "content": "\u203c CVE-2023-35797 \u203c\n\nImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it was\u00c2\u00a0possible to bypass the security check to RCE viaprincipal parameter. For this to be\u00c2\u00a0exploited it requires access to modifying the connection details.It is recommended updating provider version to 6.1.1 in order to avoid this\u00c2\u00a0vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-03T14:22:26.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/12eb277f-7680-4ed5-8fc2-e908a660440a/export"/>
    <published>2023-07-03T14:22:26+00:00</published>
  </entry>
</feed>
