ODBC Apache Airflow provider code execution vulnerability
Medium
Vulnerability Details
In `airflow.providers.odbc.hooks.odbc.OdbcHook`, a privilege escalation vulnerability exists due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.
Vulnerability reproduction steps:
1. Get a malicious dynamic-link library driver
A simple way to obtain a malicious dynamic-link library driver is to obtain the driver source code, add malicious code to the driver code, and compile it. So I downloaded a mysql-odbc-driver from https://cdn.mysql.com//Downloads/Connector-ODBC/8.0/mysql-connector-odbc-8.0.33-src.tar.gz, and I added `system('touch /tmp/apache-ariflow-odbc')` in the driver.ansi.SQLDriverConnect function. After compilation, I got a dynamic library, `libmyodbc8a.so`.
2. Configure the ODBC connection
Go to the Connection configuration page. Add a `driver` parameter in the extra location, with the parameter being the file path of the previously obtained dynamic-link library file.
3. Click on the test button
Click on the test button and it can be observed that the command is executed and a file named apache-ariflow-odbc is generated in the /tmp directory.
This is a screenshot of my email exchange with Airflow developers:
█████
█████
## Impact
Upgrade any local user to Airflow user privileges.
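A defensive audit for the condition this report describes, as an added example that is not part of the original report or of Airflow's code: it reviews connection records and flags ODBC connections whose extra sets `driver` to a library file path or to a name outside an approved list. The record layout, the allow-list contents, the `/tmp/` path and the function names are assumptions made for illustration.

```python
import json

# Assumption: driver names an administrator has installed and approved.
ALLOWED_DRIVERS = {"ODBC Driver 18 for SQL Server"}

def driver_from_extra(extra_json):
    """Return the `driver` value from a connection's extra JSON, or None."""
    try:
        extra = json.loads(extra_json or "{}")
    except ValueError:
        return None
    if not isinstance(extra, dict):
        return None
    for key, value in extra.items():
        # ODBC keywords are case-insensitive, so match the key the same way.
        if key.strip().lower() == "driver":
            return str(value)
    return None

def looks_like_path(driver):
    """True when the value names a library file rather than a registered driver."""
    name = driver.strip().strip("{}")
    return "/" in name or "\\" in name or name.lower().endswith((".so", ".dll", ".dylib"))

def audit_connections(connections):
    """Return (conn_id, driver, reason) for each ODBC connection needing review."""
    findings = []
    for conn in connections:
        if conn.get("conn_type") != "odbc":
            continue
        driver = driver_from_extra(conn.get("extra"))
        if driver is None:
            continue
        if looks_like_path(driver):
            findings.append((conn["conn_id"], driver, "driver is a library file path"))
        elif driver.strip().strip("{}") not in ALLOWED_DRIVERS:
            findings.append((conn["conn_id"], driver, "driver name not on allow-list"))
    return findings

# Constructed sample records (conn_id, conn_type, extra), not taken from the report.
SAMPLE_CONNECTIONS = [
    {"conn_id": "reporting_db", "conn_type": "odbc",
     "extra": '{"driver": "ODBC Driver 18 for SQL Server"}'},
    {"conn_id": "test_conn", "conn_type": "odbc",
     "extra": '{"driver": "/tmp/libmyodbc8a.so"}'},
    {"conn_id": "legacy_dw", "conn_type": "odbc",
     "extra": '{"Driver": "{Unreviewed Driver}"}'},
    {"conn_id": "pg_main", "conn_type": "postgres", "extra": None},
]
```

Calling `audit_connections(SAMPLE_CONNECTIONS)` returns the two records that need review; in practice the input would be rows exported from the deployment's connection store.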
Report Stats
- Report ID: 2065306
- State: Closed
- Substate: resolved
- Upvotes: 9