The fix (PR #29500) moved libjars parameter handling from connection configuration to hook parameters. Before the patch, the hook retrieved libjars from connection extras (user-controllable via the UI/API) without validation, which enabled path injection. The connection-extra parsing for libjars in the `__init__` method was the vulnerable code path, and the patch removed it.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| apache-airflow-providers-apache-sqoop | pip | < 3.1.1 | 3.1.1 |
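
The trust-boundary change described above, as an added example (a simplified model, not the provider's own code): the class names, the audit helper, and the sample extras are hypothetical, and the jar paths are placeholders.

```python
import json
from typing import Optional

# Constructed sample: connection "extra" JSON as stored via the UI or API.
# The jar path is a placeholder, not a value from the advisory.
SAMPLE_EXTRA = json.dumps({"job_tracker": "local", "libjars": "/path/set/in/connection.jar"})


def _cmd(libjars: Optional[str]) -> list:
    """Simplified command assembly; -libjars is the generic Hadoop option."""
    cmd = ["sqoop", "import"]
    if libjars:
        cmd += ["-libjars", libjars]
    return cmd


class PrePatchStyleHook:
    """Hypothetical model of the pre-patch pattern: libjars read from extras."""

    def __init__(self, conn_extra: str):
        extras = json.loads(conn_extra or "{}")
        # libjars is whatever the connection editor stored: no validation.
        self.libjars = extras.get("libjars")

    def build_cmd(self) -> list:
        return _cmd(self.libjars)


class PostPatchStyleHook:
    """Hypothetical model of the fixed pattern: libjars is a hook parameter."""

    def __init__(self, conn_extra: str, libjars: Optional[str] = None):
        self.extras = json.loads(conn_extra or "{}")  # parsed, libjars key not read
        self.libjars = libjars  # set only by the code that constructs the hook

    def build_cmd(self) -> list:
        return _cmd(self.libjars)


def connections_still_setting_libjars(connections: dict) -> list:
    """Audit helper: conn_ids whose extras still carry a libjars key."""
    flagged = []
    for conn_id, extra in connections.items():
        try:
            parsed = json.loads(extra or "{}")
        except json.JSONDecodeError:
            continue  # malformed extras cannot supply libjars
        if isinstance(parsed, dict) and "libjars" in parsed:
            flagged.append(conn_id)
    return sorted(flagged)
```

After upgrading to 3.1.1, a check like `connections_still_setting_libjars` over exported connection extras shows which connections relied on the removed path and need libjars moved into the DAG code.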