Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gg94-fdbv-y7g1
Vulnerability ID VCID-gg94-fdbv-y7g1
Aliases CVE-2023-28707
GHSA-85pf-r4c7-3j9r
PYSEC-2023-3
Summary Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00964 https://api.first.org/data/v1/epss?cve=CVE-2023-28707
cvssv3.1 7.5 https://github.com/apache/airflow
cvssv4 8.7 https://github.com/apache/airflow
generic_textual HIGH https://github.com/apache/airflow
cvssv3.1 7.5 https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
cvssv4 8.7 https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
generic_textual HIGH https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
cvssv3.1 7.5 https://github.com/apache/airflow/pull/30215
cvssv4 8.7 https://github.com/apache/airflow/pull/30215
generic_textual HIGH https://github.com/apache/airflow/pull/30215
ssvc Track https://github.com/apache/airflow/pull/30215
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
cvssv4 8.7 https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
cvssv3.1 7.5 https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
cvssv4 8.7 https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
generic_textual HIGH https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
ssvc Track https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-28707
cvssv4 8.7 https://nvd.nist.gov/vuln/detail/CVE-2023-28707
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-28707
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2023/04/07/1
cvssv4 8.7 https://www.openwall.com/lists/oss-security/2023/04/07/1
generic_textual HIGH https://www.openwall.com/lists/oss-security/2023/04/07/1
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2023/04/07/1
cvssv4 8.7 http://www.openwall.com/lists/oss-security/2023/04/07/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/04/07/1
ssvc Track http://www.openwall.com/lists/oss-security/2023/04/07/1
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-28707
https://github.com/apache/airflow
https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
https://github.com/apache/airflow/pull/30215
https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
https://www.openwall.com/lists/oss-security/2023/04/07/1
http://www.openwall.com/lists/oss-security/2023/04/07/1
CVE-2023-28707 https://nvd.nist.gov/vuln/detail/CVE-2023-28707
GHSA-85pf-r4c7-3j9r https://github.com/advisories/GHSA-85pf-r4c7-3j9r
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/apache/airflow
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow/pull/30215
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/apache/airflow/pull/30215
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/ Found at https://github.com/apache/airflow/pull/30215
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/ Found at https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28707
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28707
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.openwall.com/lists/oss-security/2023/04/07/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://www.openwall.com/lists/oss-security/2023/04/07/1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2023/04/07/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at http://www.openwall.com/lists/oss-security/2023/04/07/1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/ Found at http://www.openwall.com/lists/oss-security/2023/04/07/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.76854
EPSS Score 0.00964
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:31:38.667784+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2023-3.yaml 38.6.0