Impact of Vulnerability - Apache Airflow / Airflow MySQL Provider local_infile Parameter Remote Command Injection

CVE ID - CVE-2023-22884

Description - Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Please let us know if Apache Airflow and Apache Airflow MySQL Provider are being used under Autosys tools

link for the vulnerability - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22884

Release : 12.x

Please note EEM and WCC are not affected by this Vulnerability,  As EMM, and WCC does not use Apache Airflow MySQL provider.

Autosys is not impacted if you are not using any Autosys Apache Airflow plugin

If you are using any Autosys Airflow plugin, please contact Broadcom Support.