Impact of Vulnerability - Apache Airflow / Airflow MySQL Provider local_infile Parameter Remote Command Injection
CVE ID - CVE-2023-22884
Description - Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
Please let us know if Apache Airflow and Apache Airflow MySQL Provider are being used under Autosys tools
link for the vulnerability - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22884
Release : 12.x
Please note EEM and WCC are not affected by this Vulnerability, As EMM, and WCC does not use Apache Airflow MySQL provider.
Autosys is not impacted if you are not using any Autosys Apache Airflow plugin
If you are using any Autosys Airflow plugin, please contact Broadcom Support.