<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 11 Jul 2026 19:43:15 +0000</lastBuildDate>
    <item>
      <title>1b9a26e3-c61b-4c29-92c4-2733276ec201</title>
      <link>https://vulnerability.circl.lu/sighting/1b9a26e3-c61b-4c29-92c4-2733276ec201/export</link>
      <description>{"uuid": "1b9a26e3-c61b-4c29-92c4-2733276ec201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37415\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\ud83d\udccf Published: 2023-07-13T09:30:28Z\n\ud83d\udccf Modified: 2025-02-13T19:00:55Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37415\n2. https://github.com/apache/airflow\n3. https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k\n4. http://www.openwall.com/lists/oss-security/2023/07/12/3", "creation_timestamp": "2025-02-13T19:21:09.000000Z"}</description>
      <content:encoded>{"uuid": "1b9a26e3-c61b-4c29-92c4-2733276ec201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37415\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\ud83d\udccf Published: 2023-07-13T09:30:28Z\n\ud83d\udccf Modified: 2025-02-13T19:00:55Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37415\n2. https://github.com/apache/airflow\n3. https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k\n4. http://www.openwall.com/lists/oss-security/2023/07/12/3", "creation_timestamp": "2025-02-13T19:21:09.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1b9a26e3-c61b-4c29-92c4-2733276ec201/export</guid>
      <pubDate>Thu, 13 Feb 2025 19:21:09 +0000</pubDate>
    </item>
    <item>
      <title>12eb277f-7680-4ed5-8fc2-e908a660440a</title>
      <link>https://vulnerability.circl.lu/sighting/12eb277f-7680-4ed5-8fc2-e908a660440a/export</link>
      <description>{"uuid": "12eb277f-7680-4ed5-8fc2-e908a660440a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "seen", "source": "https://t.me/cibsecurity/65857", "content": "\u203c CVE-2023-35797 \u203c\n\nImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it was\u00c2\u00a0possible to bypass the security check to RCE viaprincipal parameter. For this to be\u00c2\u00a0exploited it requires access to modifying the connection details.It is recommended updating provider version to 6.1.1 in order to avoid this\u00c2\u00a0vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-03T14:22:26.000000Z"}</description>
      <content:encoded>{"uuid": "12eb277f-7680-4ed5-8fc2-e908a660440a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35797", "type": "seen", "source": "https://t.me/cibsecurity/65857", "content": "\u203c CVE-2023-35797 \u203c\n\nImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it was\u00c2\u00a0possible to bypass the security check to RCE viaprincipal parameter. For this to be\u00c2\u00a0exploited it requires access to modifying the connection details.It is recommended updating provider version to 6.1.1 in order to avoid this\u00c2\u00a0vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-03T14:22:26.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/12eb277f-7680-4ed5-8fc2-e908a660440a/export</guid>
      <pubDate>Mon, 03 Jul 2023 14:22:26 +0000</pubDate>
    </item>
  </channel>
</rss>
