| 0 |
| url |
VCID-1w96-f72k-ryap |
| vulnerability_id |
VCID-1w96-f72k-ryap |
| summary |
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40861, PYSEC-2026-181
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1w96-f72k-ryap |
|
| 1 |
| url |
VCID-2fnz-jqpe-nuau |
| vulnerability_id |
VCID-2fnz-jqpe-nuau |
| summary |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.4rc1 |
| purl |
pkg:pypi/apache-airflow@2.2.4rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 6 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 7 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 8 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 9 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 10 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 11 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 12 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 13 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 14 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 15 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 16 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 17 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 18 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 19 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 20 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 21 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 22 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 23 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 24 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 25 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 31 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 32 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 33 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 34 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 35 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 36 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 37 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 38 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 39 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 40 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 41 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 42 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 43 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 44 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 45 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 46 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 47 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1 |
|
|
| aliases |
CVE-2021-45229, GHSA-65xw-pcqw-hjrh, PYSEC-2022-29
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fnz-jqpe-nuau |
|
| 2 |
| url |
VCID-2xr2-w3hk-auck |
| vulnerability_id |
VCID-2xr2-w3hk-auck |
| summary |
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-25917, GHSA-6ffj-2wg2-w45j, PYSEC-2026-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2xr2-w3hk-auck |
|
| 3 |
| url |
VCID-2ysx-9hz5-fyfm |
| vulnerability_id |
VCID-2ysx-9hz5-fyfm |
| summary |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 9 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 10 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 11 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 12 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 13 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 14 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 15 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 16 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 17 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 18 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 19 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 20 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 31 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 32 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 33 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 34 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 35 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 36 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 37 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 38 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 39 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 40 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 41 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 42 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 43 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2 |
| purl |
pkg:pypi/apache-airflow@2.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 9 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 10 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 11 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 12 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 13 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 14 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 15 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 16 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 17 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 18 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 19 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 20 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 21 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 22 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 23 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 24 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 25 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 26 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 27 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 28 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 29 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 30 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 31 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 32 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 33 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 34 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 35 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 36 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 37 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 38 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 39 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 40 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 41 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2 |
|
|
| aliases |
CVE-2022-43985, GHSA-f9fq-78ch-4wmj, PYSEC-2022-42971
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2ysx-9hz5-fyfm |
|
| 4 |
| url |
VCID-3h3z-bfsc-jqax |
| vulnerability_id |
VCID-3h3z-bfsc-jqax |
| summary |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.0 |
| purl |
pkg:pypi/apache-airflow@2.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 3 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 6 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 7 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 8 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 9 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 10 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 11 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 12 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 13 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 14 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 15 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 16 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 17 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 18 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 19 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0 |
|
|
| aliases |
CVE-2023-50783, GHSA-5938-79hg-xh3q, PYSEC-2023-267
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3h3z-bfsc-jqax |
|
| 5 |
| url |
VCID-4dpy-dzpr-bbg7 |
| vulnerability_id |
VCID-4dpy-dzpr-bbg7 |
| summary |
In Apache Airflow before 1.10.5, when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
4.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.5 |
| purl |
pkg:pypi/apache-airflow@1.10.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 8 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 9 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 10 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 11 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 12 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 13 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 14 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 15 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 16 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 17 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 18 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 19 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 20 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 21 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 22 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 23 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 24 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 25 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 26 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 27 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 28 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 29 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 30 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 31 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 32 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 33 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 34 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 35 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 36 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 37 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 38 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 39 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 40 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 41 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 42 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 43 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 44 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 45 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 46 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 47 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 48 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 49 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 50 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 51 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 52 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 53 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 54 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 55 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 56 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 57 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 58 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 59 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 60 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 61 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 62 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 63 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 64 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 65 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 66 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5 |
|
|
| aliases |
CVE-2019-12398, GHSA-rjvg-q57v-mjjc, PYSEC-2020-162
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| url |
VCID-4ga6-4111-dyc9 |
| vulnerability_id |
VCID-4ga6-4111-dyc9 |
| summary |
Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.8.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 3 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 6 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 7 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 8 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 9 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 10 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 11 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 12 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 13 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 14 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 15 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 16 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 17 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 18 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 19 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.8.1 |
| purl |
pkg:pypi/apache-airflow@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 5 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 6 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 7 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 8 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 9 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 10 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 11 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 12 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 13 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 14 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 15 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 16 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 17 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1 |
|
|
| aliases |
CVE-2023-50944, GHSA-vm5m-qmrx-fw8w, PYSEC-2024-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4ga6-4111-dyc9 |
|
| 7 |
| url |
VCID-4xax-xw67-2qfv |
| vulnerability_id |
VCID-4xax-xw67-2qfv |
| summary |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they were depending on past and previous instances of the task had failed). This issue affects Apache Airflow prior to 2.3.1. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.1 |
| purl |
pkg:pypi/apache-airflow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4bps-htex-tqgk |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 7 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 8 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 9 |
| vulnerability |
VCID-5nys-mzgw-4khd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6pk8-baws-e3dt |
|
| 14 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 15 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 25 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 26 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 27 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 28 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 29 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 30 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 31 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 32 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 33 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 34 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 35 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 36 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 37 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 38 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 39 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 40 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 41 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 42 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 43 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 44 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 45 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 46 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 47 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 48 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1 |
|
|
| aliases |
CVE-2022-27949, GHSA-fvw2-2pf7-77vw, PYSEC-2022-42981
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4xax-xw67-2qfv |
|
| 8 |
| url |
VCID-4xdb-1kww-sfdh |
| vulnerability_id |
VCID-4xdb-1kww-sfdh |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow, which would allow any authenticated user to run arbitrary commands as the user running the Airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting `load_examples=False` in the config, then you are not vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 24 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 25 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 26 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 27 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 28 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 29 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 30 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 31 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 32 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 33 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 34 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 35 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 36 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 37 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 38 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 39 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 40 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 41 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 42 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 43 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 44 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 45 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 46 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 47 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 48 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 49 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 50 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 51 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 52 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 53 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 54 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 55 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 56 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 57 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 58 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 59 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 60 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 61 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 62 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 63 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
|
| aliases |
CVE-2020-11978, GHSA-rvmq-4x66-q7j3, PYSEC-2020-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4xdb-1kww-sfdh |
|
| 9 |
| url |
VCID-56eq-awhd-d3fr |
| vulnerability_id |
VCID-56eq-awhd-d3fr |
| summary |
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author.
Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45034, GHSA-92xg-gmrq-5c3w, PYSEC-2024-212
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56eq-awhd-d3fr |
|
| 10 |
| url |
VCID-5cpd-kjpb-ekhv |
| vulnerability_id |
VCID-5cpd-kjpb-ekhv |
| summary |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read only specific DAGs to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 6 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 7 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 8 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 9 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 10 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 11 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 12 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 13 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 14 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 15 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 16 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 17 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 18 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 19 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 20 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 21 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 22 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 23 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 24 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
CVE-2023-42663, GHSA-32wr-qqw6-5mfp, PYSEC-2023-197
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5cpd-kjpb-ekhv |
|
| 11 |
| url |
VCID-5jyk-dgtu-zfhd |
| vulnerability_id |
VCID-5jyk-dgtu-zfhd |
| summary |
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45360, PYSEC-2026-186
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5jyk-dgtu-zfhd |
|
| 12 |
| url |
VCID-5yxa-ubfq-fqdx |
| vulnerability_id |
VCID-5yxa-ubfq-fqdx |
| summary |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 9 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 10 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 11 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 12 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 13 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 14 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 15 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 16 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 17 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 18 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 19 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 20 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 31 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 32 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 33 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 34 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 35 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 36 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 37 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 38 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 39 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 40 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 41 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 42 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 43 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2 |
| purl |
pkg:pypi/apache-airflow@2.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 9 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 10 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 11 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 12 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 13 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 14 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 15 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 16 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 17 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 18 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 19 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 20 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 21 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 22 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 23 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 24 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 25 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 26 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 27 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 28 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 29 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 30 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 31 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 32 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 33 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 34 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 35 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 36 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 37 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 38 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 39 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 40 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 41 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2 |
|
|
| aliases |
CVE-2022-43982, GHSA-h63r-9xxf-f2c7, PYSEC-2022-42970
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5yxa-ubfq-fqdx |
|
| 13 |
| url |
VCID-5zmy-2ape-7qfa |
| vulnerability_id |
VCID-5zmy-2ape-7qfa |
| summary |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.
Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.1 |
| purl |
pkg:pypi/apache-airflow@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1jx5-34px-ukbz |
|
| 1 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 15 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 16 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 17 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 18 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 19 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 20 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 21 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 22 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 23 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 24 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 25 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 26 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 27 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 28 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1 |
|
|
| aliases |
CVE-2023-40712, GHSA-mjqh-v5f2-g2mw, PYSEC-2023-171
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5zmy-2ape-7qfa |
|
| 14 |
| url |
VCID-6c7g-ws6x-yygu |
| vulnerability_id |
VCID-6c7g-ws6x-yygu |
| summary |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.3b1 |
| purl |
pkg:pypi/apache-airflow@1.10.3b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 20 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 21 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 22 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 23 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 24 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 25 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 26 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 27 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 28 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 29 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 30 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 31 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 32 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 33 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 34 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 35 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 36 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 68 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 69 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.3 |
| purl |
pkg:pypi/apache-airflow@1.10.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 15 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 16 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 17 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 18 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 19 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 20 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 21 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 22 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 23 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 24 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 25 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 26 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 27 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 28 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 29 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 30 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 31 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 32 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 33 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 34 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 35 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 36 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 37 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 38 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 39 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 40 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 41 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 42 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 43 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 44 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 45 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 46 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 47 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 48 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 49 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 50 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 51 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 52 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 53 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 54 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 55 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 56 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 57 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 58 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 59 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 60 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 61 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 62 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 63 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 64 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 65 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 66 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 67 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3 |
|
|
| aliases |
CVE-2019-0216, GHSA-8p7v-2jvj-v54r, PYSEC-2019-214
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6c7g-ws6x-yygu |
|
| 15 |
| url |
VCID-6gjt-zsju-47a3 |
| vulnerability_id |
VCID-6gjt-zsju-47a3 |
| summary |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider: before 2.4.3.
It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.3 |
| purl |
pkg:pypi/apache-airflow@2.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 18 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 19 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 20 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 21 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 22 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 23 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 24 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 25 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 26 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 27 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 28 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 29 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 30 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 31 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 32 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 33 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 34 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 35 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 36 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 37 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 38 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 39 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3 |
|
|
| aliases |
CVE-2023-39553, GHSA-mq4v-6vg4-796c, PYSEC-2023-136
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gjt-zsju-47a3 |
|
| 16 |
| url |
VCID-6ksf-tekv-dud3 |
| vulnerability_id |
VCID-6ksf-tekv-dud3 |
| summary |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.6rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.6rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 8 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 9 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 10 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 11 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 12 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 13 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 14 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 15 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 16 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 17 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 18 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 19 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 20 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 21 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 22 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 23 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 24 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 25 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 26 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 27 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 28 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 29 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 30 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 31 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 32 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 33 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 34 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 35 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 36 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 37 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 38 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 39 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 40 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 41 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 42 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 43 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 44 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 45 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 46 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 47 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 48 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 49 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 50 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 51 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 52 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 53 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 54 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 55 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 56 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 57 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 58 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 59 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 60 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 61 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 62 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 63 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 64 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 65 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.6 |
| purl |
pkg:pypi/apache-airflow@1.10.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 8 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 9 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 10 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 11 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 12 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 13 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 14 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 15 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 16 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 17 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 18 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 19 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 20 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 21 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 22 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 23 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 24 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 25 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 26 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 27 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 28 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 29 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 30 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 31 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 32 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 33 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 34 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 35 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 36 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 37 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 38 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 39 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 40 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 41 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 42 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 43 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 44 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 45 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 46 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 47 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 48 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 49 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 50 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 51 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 52 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 53 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 54 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 55 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 56 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 57 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 58 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 59 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 60 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 61 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 62 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 63 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 64 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 65 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6 |
|
|
| aliases |
CVE-2019-12417, GHSA-q3p4-gw7r-wqjc, PYSEC-2019-216
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6ksf-tekv-dud3 |
|
| 17 |
| url |
VCID-6vg9-hu9u-q7c3 |
| vulnerability_id |
VCID-6vg9-hu9u-q7c3 |
| summary |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.2 |
| purl |
pkg:pypi/apache-airflow@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 5 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 6 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 7 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 8 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 9 |
| vulnerability |
VCID-egd2-gh55-qfgj |
|
| 10 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 11 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 12 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 13 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 14 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 15 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 16 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2 |
|
|
| aliases |
CVE-2024-27906, GHSA-6v6w-h8m6-7mv2, PYSEC-2024-245
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| url |
VCID-71hr-1ews-9qa6 |
| vulnerability_id |
VCID-71hr-1ews-9qa6 |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
CVE-2023-35908, GHSA-2h84-3crq-vgfj, PYSEC-2023-119
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-71hr-1ews-9qa6 |
|
| 19 |
| url |
VCID-7zef-tgy9-kkh6 |
| vulnerability_id |
VCID-7zef-tgy9-kkh6 |
| summary |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.1 |
| purl |
pkg:pypi/apache-airflow@1.10.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 20 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 21 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 22 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 23 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 24 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 25 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 26 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 27 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 28 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 29 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 30 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 31 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 32 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 33 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 34 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 35 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 36 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-xunf-mqrn-97f5 |
|
| 68 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 69 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 70 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.1 |
|
|
| aliases |
CVE-2018-20245, GHSA-77rc-x84q-pv4f, PYSEC-2019-143
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7zef-tgy9-kkh6 |
|
| 20 |
| url |
VCID-82kk-s7d6-f7he |
| vulnerability_id |
VCID-82kk-s7d6-f7he |
| summary |
In Airflow versions prior to 1.10.13, when creating a user with the Airflow CLI, the password is logged in plain text in the Log table of the Airflow Metadatabase. The same happened when creating a Connection with a password field. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.13 |
| purl |
pkg:pypi/apache-airflow@1.10.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 29 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 30 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 31 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 32 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 33 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 34 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 35 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 36 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 37 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 38 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 39 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 40 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 41 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 42 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 43 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 44 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 45 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 51 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 52 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 53 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 54 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 55 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13 |
|
|
| aliases |
CVE-2020-17511, GHSA-cvcq-gmc3-q6m8, PYSEC-2020-262
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-82kk-s7d6-f7he |
|
| 21 |
| url |
VCID-835a-arqz-g7h7 |
| vulnerability_id |
VCID-835a-arqz-g7h7 |
| summary |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewer users to view all information on audit logs, including DAG names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.2 |
| purl |
pkg:pypi/apache-airflow@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 5 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 6 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 7 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 8 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 9 |
| vulnerability |
VCID-egd2-gh55-qfgj |
|
| 10 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 11 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 12 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 13 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 14 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 15 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 16 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2 |
|
|
| aliases |
CVE-2024-26280, GHSA-6xwf-xvf3-v459, PYSEC-2024-42
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-835a-arqz-g7h7 |
|
| 22 |
| url |
VCID-8h35-s38x-buey |
| vulnerability_id |
VCID-8h35-s38x-buey |
| summary |
An XSS issue was found in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.9.0 |
| purl |
pkg:pypi/apache-airflow@1.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-7zef-tgy9-kkh6 |
|
| 20 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 21 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 22 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 23 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 24 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 25 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 26 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 27 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 28 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 29 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 30 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 31 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 32 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 33 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 34 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 35 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 36 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-xunf-mqrn-97f5 |
|
| 68 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 69 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 70 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0 |
|
|
| aliases |
CVE-2017-12614, GHSA-rv25-9wgj-xg75, PYSEC-2018-45
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8h35-s38x-buey |
|
| 23 |
| url |
VCID-91n6-evww-zybp |
| vulnerability_id |
VCID-91n6-evww-zybp |
| summary |
In case of SQL errors, the exception/stack trace of the error was exposed in the API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to a potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30912, GHSA-w7cf-2pmc-5m4c, PYSEC-2026-18
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91n6-evww-zybp |
|
| 24 |
| url |
VCID-98yf-mvnw-d3b4 |
| vulnerability_id |
VCID-98yf-mvnw-d3b4 |
| summary |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome.
Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.3 |
| purl |
pkg:pypi/apache-airflow@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 6 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 7 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 8 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 9 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 10 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 11 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 12 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 13 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 14 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 15 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 16 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 17 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 18 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 19 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 20 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 21 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 22 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3 |
|
|
| aliases |
CVE-2023-42781, GHSA-r7x6-xfcm-3mxv, PYSEC-2023-231
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-98yf-mvnw-d3b4 |
|
| 25 |
| url |
VCID-9jm4-t1je-vqhm |
| vulnerability_id |
VCID-9jm4-t1je-vqhm |
| summary |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.13 |
| purl |
pkg:pypi/apache-airflow@1.10.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 29 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 30 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 31 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 32 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 33 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 34 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 35 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 36 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 37 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 38 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 39 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 40 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 41 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 42 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 43 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 44 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 45 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 51 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 52 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 53 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 54 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 55 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13 |
|
|
| aliases |
CVE-2020-17513, GHSA-6r3p-fcvm-xh7c, PYSEC-2020-20
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9jm4-t1je-vqhm |
|
| 26 |
| url |
VCID-9tq4-v733-hug3 |
| vulnerability_id |
VCID-9tq4-v733-hug3 |
| summary |
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 29 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 30 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 31 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 32 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 33 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 34 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 35 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 36 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 37 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 38 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 39 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 40 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 41 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 42 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 43 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 44 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 45 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 51 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 52 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 53 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 54 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.1 |
| purl |
pkg:pypi/apache-airflow@2.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 24 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 25 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 26 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 27 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 28 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 29 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 30 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 31 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 32 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 33 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 34 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 35 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 36 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 37 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 38 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 39 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 40 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 41 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 42 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 43 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 44 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 45 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 46 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 47 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 48 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 49 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 50 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 51 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 52 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1 |
|
|
| aliases |
CVE-2021-26559, GHSA-ffw3-6mp6-jmvj, PYSEC-2021-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9tq4-v733-hug3 |
|
| 27 |
| url |
VCID-amac-hqnj-xfgz |
| vulnerability_id |
VCID-amac-hqnj-xfgz |
| summary |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.8.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 3 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 6 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 7 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 8 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 9 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 10 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 11 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 12 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 13 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 14 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 15 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 16 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 17 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 18 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 19 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.8.1 |
| purl |
pkg:pypi/apache-airflow@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 5 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 6 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 7 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 8 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 9 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 10 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 11 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 12 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 13 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 14 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 15 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 16 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 17 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1 |
|
|
| aliases |
CVE-2023-50943, GHSA-c3c6-f2ww-xfr2, PYSEC-2024-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-amac-hqnj-xfgz |
|
| 28 |
| url |
VCID-asrx-5a3k-r3gs |
| vulnerability_id |
VCID-asrx-5a3k-r3gs |
| summary |
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.9.0 |
| purl |
pkg:pypi/apache-airflow@1.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-7zef-tgy9-kkh6 |
|
| 20 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 21 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 22 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 23 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 24 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 25 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 26 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 27 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 28 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 29 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 30 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 31 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 32 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 33 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 34 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 35 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 36 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-xunf-mqrn-97f5 |
|
| 68 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 69 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 70 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0 |
|
|
| aliases |
CVE-2017-17835, GHSA-68wv-rjrm-576p, PYSEC-2019-148
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-asrx-5a3k-r3gs |
|
| 29 |
| url |
VCID-b3w3-h9cm-ufgm |
| vulnerability_id |
VCID-b3w3-h9cm-ufgm |
| summary |
Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limits on the user's access to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0.
This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0b1 |
| purl |
pkg:pypi/apache-airflow@2.6.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 18 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 19 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 20 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 21 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 22 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 23 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 24 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 25 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 26 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 27 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 28 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 29 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 30 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 31 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 32 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 33 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 34 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 35 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 36 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 37 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 38 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 39 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 16 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 17 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 18 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 19 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 20 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 21 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 22 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 23 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 24 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 25 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 26 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 27 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 28 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 29 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 30 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 31 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 32 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 33 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 34 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 35 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 36 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 37 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
CVE-2023-39508, GHSA-269x-pg5c-5xgm, PYSEC-2023-134
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b3w3-h9cm-ufgm |
|
| 30 |
| url |
VCID-bwd5-3jt5-pyb8 |
| vulnerability_id |
VCID-bwd5-3jt5-pyb8 |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 24 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 25 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 26 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 27 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 28 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 29 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 30 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 31 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 32 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 33 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 34 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 35 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 36 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 37 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 38 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 39 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 40 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 41 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 42 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 43 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 44 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 45 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 46 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 47 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 48 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 49 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 50 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 51 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 52 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 53 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 54 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 55 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 56 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 57 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 58 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 59 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 60 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 61 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 62 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 63 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 24 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 25 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 26 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 27 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 28 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 29 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 30 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 31 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 32 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 33 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 34 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 35 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 36 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 37 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 38 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 39 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 40 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 41 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 42 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 43 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 44 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 45 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 46 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 47 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 48 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 49 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 50 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 51 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 52 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 53 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 54 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 55 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 56 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 57 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 58 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 59 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
CVE-2020-11983, GHSA-q4p3-qw5c-mhpc, PYSEC-2020-17
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bwd5-3jt5-pyb8 |
|
| 31 |
| url |
VCID-cahz-4dy7-bbe9 |
| vulnerability_id |
VCID-cahz-4dy7-bbe9 |
| summary |
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).
With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.
Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0rc2 |
| purl |
pkg:pypi/apache-airflow@2.7.0rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.7.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.7.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1jx5-34px-ukbz |
|
| 1 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 9 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 16 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 17 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 18 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 19 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 20 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 21 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 22 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 23 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 24 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 25 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 26 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 27 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 28 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 29 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 30 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1 |
|
|
| aliases |
CVE-2023-40273, GHSA-pm87-24wq-r8w9, PYSEC-2023-158
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cahz-4dy7-bbe9 |
|
| 32 |
| url |
VCID-dh4r-77xc-cbas |
| vulnerability_id |
VCID-dh4r-77xc-cbas |
| summary |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.1 |
| purl |
pkg:pypi/apache-airflow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2b14-1bp2-gua6 |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-5hxx-r2d2-9ybk |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 6 |
| vulnerability |
VCID-9j1n-cypf-p7g5 |
|
| 7 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 8 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 9 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 10 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 11 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 12 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 13 |
| vulnerability |
VCID-ezmu-8g1y-e3hz |
|
| 14 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 15 |
| vulnerability |
VCID-hkwf-65vr-dkfz |
|
| 16 |
| vulnerability |
VCID-knrd-atwy-gubn |
|
| 17 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 18 |
| vulnerability |
VCID-snqz-3f8t-syhd |
|
| 19 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 20 |
| vulnerability |
VCID-tbb9-myv7-a7h4 |
|
| 21 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1 |
|
|
| aliases |
CVE-2023-25693, GHSA-j69x-v4wc-3fpf, PYSEC-2023-314
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dh4r-77xc-cbas |
|
| 33 |
| url |
VCID-djdy-z9r3-s3a2 |
| vulnerability_id |
VCID-djdy-z9r3-s3a2 |
| summary |
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-48726, PYSEC-2026-187
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-djdy-z9r3-s3a2 |
|
| 34 |
| url |
VCID-due7-n14c-akfx |
| vulnerability_id |
VCID-due7-n14c-akfx |
| summary |
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and binds to 0.0.0.0 by default. This logging server had no authentication and allowed reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.1.2 |
| purl |
pkg:pypi/apache-airflow@2.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 27 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 28 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 29 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 30 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 31 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 32 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 33 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 34 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 35 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 36 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 37 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 38 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 39 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 40 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 41 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 42 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 43 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 44 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 45 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 46 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 47 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 48 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 49 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 50 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2 |
|
|
| aliases |
CVE-2021-35936, GHSA-m6h2-jx9v-58w6, PYSEC-2021-122
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-due7-n14c-akfx |
|
| 35 |
| url |
VCID-e737-kzbj-37gg |
| vulnerability_id |
VCID-e737-kzbj-37gg |
| summary |
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to Airflow, whether via XSS or by leaving a machine unlocked, can exfiltrate all credentials from the system. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.9.0 |
| purl |
pkg:pypi/apache-airflow@1.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-7zef-tgy9-kkh6 |
|
| 20 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 21 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 22 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 23 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 24 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 25 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 26 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 27 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 28 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 29 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 30 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 31 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 32 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 33 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 34 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 35 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 36 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-xunf-mqrn-97f5 |
|
| 68 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 69 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 70 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0 |
|
|
| aliases |
CVE-2017-17836, GHSA-9gqg-3fxr-9hv7, PYSEC-2019-149
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e737-kzbj-37gg |
|
| 36 |
| url |
VCID-ej1r-mp6n-gudd |
| vulnerability_id |
VCID-ej1r-mp6n-gudd |
| summary |
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist (`DEFAULT_SENSITIVE_FIELDS`) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection `extra` blobs and grant Connection-read access to multiple users. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's `extra` field. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45192, PYSEC-2026-173
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ej1r-mp6n-gudd |
|
| 37 |
| url |
VCID-ez45-qkb4-xkba |
| vulnerability_id |
VCID-ez45-qkb4-xkba |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
CVE-2022-46651, GHSA-xvw9-3mhm-xjqq, PYSEC-2023-103
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ez45-qkb4-xkba |
|
| 38 |
| url |
VCID-fbjk-2uvy-mqfc |
| vulnerability_id |
VCID-fbjk-2uvy-mqfc |
| summary |
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.3 |
| purl |
pkg:pypi/apache-airflow@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 6 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 7 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 8 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 9 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 10 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 11 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 12 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 13 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 14 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 15 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 16 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 17 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 18 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 19 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 20 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 21 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 22 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3 |
|
|
| aliases |
CVE-2023-47037, GHSA-hm9r-7f84-25c9, PYSEC-2023-232
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fbjk-2uvy-mqfc |
|
| 39 |
| url |
VCID-frbp-mhhr-8bdt |
| vulnerability_id |
VCID-frbp-mhhr-8bdt |
| summary |
Edge3 Worker RPC RCE on Airflow 2.
This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.
Edge3 provider support in Airflow 2 has always been development-only and was never officially released. However, if you installed and configured the Edge3 provider in Airflow 2, it implicitly enabled a normally non-public API that was used to test the Edge provider on Airflow 2 during development. This API allowed a Dag author to perform Remote Code Execution in the webserver context, which a Dag author was not supposed to be able to do.
If you installed and configured the Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) set the minimum Airflow version to 3 and remove the RCE-prone Airflow 2 code, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.
If you used Edge Provider in Airflow 3, you are not affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.0 |
| purl |
pkg:pypi/apache-airflow@2.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 29 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 30 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 31 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 32 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 33 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 34 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 35 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 36 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 37 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 38 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 39 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 40 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 41 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 42 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 43 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 44 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 45 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 51 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 52 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 53 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 54 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0 |
|
|
| aliases |
CVE-2025-67895, GHSA-66h8-3g48-6hx8, PYSEC-2025-87
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-frbp-mhhr-8bdt |
|
| 40 |
| url |
VCID-gz6e-b7dz-5qdf |
| vulnerability_id |
VCID-gz6e-b7dz-5qdf |
| summary |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
5.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.4 |
| purl |
pkg:pypi/apache-airflow@2.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4bps-htex-tqgk |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 7 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 8 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 9 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 10 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 11 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 12 |
| vulnerability |
VCID-6pk8-baws-e3dt |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 31 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 32 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 33 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 34 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 35 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 36 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 37 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 38 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 39 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 40 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 41 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 42 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 43 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 44 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 45 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4 |
|
|
| aliases |
CVE-2022-38170, GHSA-q8h9-pqcx-59hw, PYSEC-2022-261
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gz6e-b7dz-5qdf |
|
| 41 |
| url |
VCID-h6sp-398p-pbeg |
| vulnerability_id |
VCID-h6sp-398p-pbeg |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
CVE-2023-22887, GHSA-ggwr-4vr8-g7wv, PYSEC-2023-104
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6sp-398p-pbeg |
|
| 42 |
| url |
VCID-hah6-e5fc-juc5 |
| vulnerability_id |
VCID-hah6-e5fc-juc5 |
| summary |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.5.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.5.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 18 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 19 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 20 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 21 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 22 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 23 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 24 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 25 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 26 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 27 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 28 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 29 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 30 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 31 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 32 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 33 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 34 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 35 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 36 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 37 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 38 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 39 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 40 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.5.2 |
| purl |
pkg:pypi/apache-airflow@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 18 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 19 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 20 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 21 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 22 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 23 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 24 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 25 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 26 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 27 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 28 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 29 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 30 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 31 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 32 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 33 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 34 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 35 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 36 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 37 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 38 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 39 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2 |
|
|
| aliases |
CVE-2023-25695, GHSA-h6g5-wqqr-3mw3, PYSEC-2023-2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hah6-e5fc-juc5 |
|
| 43 |
| url |
VCID-hy75-nfg7-zfae |
| vulnerability_id |
VCID-hy75-nfg7-zfae |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
CVE-2023-22888, GHSA-5946-8p38-vffp, PYSEC-2023-105
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hy75-nfg7-zfae |
|
| 44 |
| url |
VCID-j86y-n37n-n7ft |
| vulnerability_id |
VCID-j86y-n37n-n7ft |
| summary |
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2.
Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.0 |
| purl |
pkg:pypi/apache-airflow@2.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 3 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 6 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 7 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 8 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 9 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 10 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 11 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 12 |
| vulnerability |
VCID-e5dn-tpzy-qqec |
|
| 13 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 14 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 15 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 16 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 17 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 18 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 19 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0 |
|
|
| aliases |
CVE-2023-48291, GHSA-8f57-wcmg-4jmh, PYSEC-2023-265
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j86y-n37n-n7ft |
|
| 45 |
| url |
VCID-jq98-gxbc-pydt |
| vulnerability_id |
VCID-jq98-gxbc-pydt |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 24 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 25 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 26 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 27 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 28 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 29 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 30 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 31 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 32 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 33 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 34 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 35 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 36 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 37 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 38 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 39 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 40 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 41 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 42 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 43 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 44 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 45 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 46 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 47 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 48 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 49 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 50 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 51 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 52 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 53 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 54 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 55 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 56 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 57 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 58 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 59 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 60 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 61 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 62 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 63 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 24 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 25 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 26 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 27 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 28 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 29 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 30 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 31 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 32 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 33 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 34 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 35 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 36 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 37 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 38 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 39 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 40 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 41 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 42 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 43 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 44 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 45 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 46 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 47 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 48 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 49 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 50 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 51 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 52 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 53 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 54 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 55 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 56 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 57 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 58 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 59 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
CVE-2020-9485, GHSA-j38c-25fj-mr84, PYSEC-2020-23
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jq98-gxbc-pydt |
|
| 46 |
| url |
VCID-kh46-xrgm-9udx |
| vulnerability_id |
VCID-kh46-xrgm-9udx |
| summary |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 9 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 10 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 11 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 12 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 13 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 14 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 15 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 16 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 17 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 18 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 19 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 20 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 31 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 32 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 33 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 34 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 35 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 36 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 37 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 38 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 39 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 40 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 41 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 42 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 43 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 44 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 9 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 10 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 11 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 12 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 13 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 14 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 15 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 16 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 17 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 18 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 19 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 20 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 31 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 32 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 33 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 34 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 35 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 36 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 37 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 38 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 39 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 40 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 41 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 42 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 43 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
|
| aliases |
CVE-2022-41672, GHSA-3q8r-f3pj-3gc4, PYSEC-2022-42983
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kh46-xrgm-9udx |
|
| 47 |
| url |
VCID-ks8d-9vr8-4feh |
| vulnerability_id |
VCID-ks8d-9vr8-4feh |
| summary |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example, update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.15 |
| purl |
pkg:pypi/apache-airflow@1.10.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 29 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 30 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 31 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 32 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 33 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 34 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 35 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 36 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 37 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 38 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 39 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 40 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 41 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 42 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 43 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 44 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 45 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 46 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 47 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 48 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 49 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 50 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 51 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 52 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 53 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.2 |
| purl |
pkg:pypi/apache-airflow@2.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 24 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 25 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 26 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 27 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 28 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 29 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 30 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 31 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 32 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 33 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 34 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 35 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 36 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 37 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 38 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 39 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 40 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 41 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 42 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 43 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 44 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 45 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 46 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 47 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 48 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 49 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 50 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 51 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2 |
|
|
| aliases |
CVE-2021-28359, GHSA-3xxv-p78r-4fc6, PYSEC-2021-4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ks8d-9vr8-4feh |
|
| 48 |
| url |
VCID-mcbu-b45m-k3ck |
| vulnerability_id |
VCID-mcbu-b45m-k3ck |
| summary |
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-41937, GHSA-w7cp-g8v7-r54m, PYSEC-2024-181
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mcbu-b45m-k3ck |
|
| 49 |
| url |
VCID-njyy-ywer-x7bf |
| vulnerability_id |
VCID-njyy-ywer-x7bf |
| summary |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 6 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 7 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 8 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 9 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 10 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 11 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 12 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 13 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 14 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 15 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 16 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 17 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 18 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 19 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 20 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 21 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 22 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 23 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 24 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
CVE-2023-42792, GHSA-j3w8-2p2h-mrr9, PYSEC-2023-203
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-njyy-ywer-x7bf |
|
| 50 |
| url |
VCID-p9we-cpy2-17h4 |
| vulnerability_id |
VCID-p9we-cpy2-17h4 |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 24 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 25 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 26 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 27 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 28 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 29 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 30 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 31 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 32 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 33 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 34 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 35 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 36 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 37 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 38 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 39 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 40 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 41 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 42 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 43 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 44 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 45 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 46 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 47 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 48 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 49 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 50 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 51 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 52 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 53 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 54 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 55 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 56 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 57 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 58 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 59 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 60 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 61 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 62 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 63 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 24 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 25 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 26 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 27 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 28 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 29 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 30 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 31 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 32 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 33 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 34 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 35 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 36 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 37 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 38 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 39 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 40 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 41 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 42 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 43 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 44 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 45 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 46 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 47 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 48 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 49 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 50 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 51 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 52 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 53 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 54 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 55 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 56 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 57 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 58 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 59 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
CVE-2020-11982, GHSA-9g2w-5f3v-mfmm, PYSEC-2020-16
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p9we-cpy2-17h4 |
|
| 51 |
| url |
VCID-pe8h-9hgu-j3hx |
| vulnerability_id |
VCID-pe8h-9hgu-j3hx |
| summary |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.13 |
| purl |
pkg:pypi/apache-airflow@1.10.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 29 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 30 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 31 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 32 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 33 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 34 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 35 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 36 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 37 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 38 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 39 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 40 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 41 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 42 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 43 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 44 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 45 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 51 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 52 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 53 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 54 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 55 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.15rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.15rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 29 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 30 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 31 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 32 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 33 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 34 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 35 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 36 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 37 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 38 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 39 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 40 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 41 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 42 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 43 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 44 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 45 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 51 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 52 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 53 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 54 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15rc1 |
|
| 2 |
| url |
pkg:pypi/apache-airflow@2.0.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 24 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 25 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 26 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 27 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 28 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 29 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 30 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 31 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 32 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 33 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 34 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 35 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 36 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 37 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 38 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 39 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 40 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 41 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 42 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 43 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 44 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 45 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 46 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 47 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 48 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 49 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 50 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 51 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 52 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2rc1 |
|
|
| aliases |
CVE-2020-17515, GHSA-86vp-x3pr-79rx, PYSEC-2020-21
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pe8h-9hgu-j3hx |
|
| 52 |
| url |
VCID-pu6f-xhvm-q3du |
| vulnerability_id |
VCID-pu6f-xhvm-q3du |
| summary |
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-42360, PYSEC-2026-172
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pu6f-xhvm-q3du |
|
| 53 |
| url |
VCID-pybp-gfy8-2qcr |
| vulnerability_id |
VCID-pybp-gfy8-2qcr |
| summary |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.4 |
| purl |
pkg:pypi/apache-airflow@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 6 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 7 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 8 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 9 |
| vulnerability |
VCID-5nys-mzgw-4khd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 27 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 28 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 29 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 30 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 31 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 32 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 33 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 34 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 35 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 36 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 37 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 38 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 39 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 40 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 41 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 42 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 43 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 44 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 45 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 46 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 47 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4 |
|
|
| aliases |
CVE-2022-24288, GHSA-3v7g-4pg3-7r6j, PYSEC-2022-30
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pybp-gfy8-2qcr |
|
| 54 |
| url |
VCID-pypb-cezm-rkb2 |
| vulnerability_id |
VCID-pypb-cezm-rkb2 |
| summary |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.1 |
| purl |
pkg:pypi/apache-airflow@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1jx5-34px-ukbz |
|
| 1 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 15 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 16 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 17 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 18 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 19 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 20 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 21 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 22 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 23 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 24 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 25 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 26 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 27 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 28 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1 |
|
|
| aliases |
CVE-2023-40611, GHSA-wpg8-mf6h-gm92, PYSEC-2023-170
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pypb-cezm-rkb2 |
|
| 55 |
| url |
VCID-q83y-d2x7-m7hv |
| vulnerability_id |
VCID-q83y-d2x7-m7hv |
| summary |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.3b1 |
| purl |
pkg:pypi/apache-airflow@1.10.3b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 20 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 21 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 22 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 23 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 24 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 25 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 26 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 27 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 28 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 29 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 30 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 31 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 32 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 33 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 34 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 35 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 36 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 68 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 69 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.3 |
| purl |
pkg:pypi/apache-airflow@1.10.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 15 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 16 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 17 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 18 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 19 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 20 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 21 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 22 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 23 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 24 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 25 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 26 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 27 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 28 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 29 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 30 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 31 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 32 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 33 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 34 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 35 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 36 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 37 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 38 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 39 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 40 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 41 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 42 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 43 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 44 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 45 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 46 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 47 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 48 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 49 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 50 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 51 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 52 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 53 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 54 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 55 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 56 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 57 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 58 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 59 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 60 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 61 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 62 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 63 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 64 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 65 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 66 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 67 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3 |
|
|
| aliases |
CVE-2019-0229, GHSA-w6j4-3gh2-9f5j, PYSEC-2019-215
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q83y-d2x7-m7hv |
|
| 56 |
| url |
VCID-q84t-8dac-93dm |
| vulnerability_id |
VCID-q84t-8dac-93dm |
| summary |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.0 |
| purl |
pkg:pypi/apache-airflow@2.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 9 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 10 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 11 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 12 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 13 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 14 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 15 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 16 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 17 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 18 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 19 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 20 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 24 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 25 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 26 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 27 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 28 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 29 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 30 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 31 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 32 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 33 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 34 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 35 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 36 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 37 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 38 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 39 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 40 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 41 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 42 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 43 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 44 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0 |
|
|
| aliases |
CVE-2022-40127, GHSA-6pw3-8h9w-32gc, PYSEC-2022-42982
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q84t-8dac-93dm |
|
| 57 |
| url |
VCID-qehu-58hj-67gn |
| vulnerability_id |
VCID-qehu-58hj-67gn |
| summary |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.3 |
| purl |
pkg:pypi/apache-airflow@2.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 18 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 19 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 20 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 21 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 22 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 23 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 24 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 25 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 26 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 27 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 28 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 29 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 30 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 31 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 32 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 33 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 34 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 35 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 36 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 37 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 38 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 39 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3 |
|
|
| aliases |
CVE-2022-45402, GHSA-rg94-84xj-7gq3, PYSEC-2022-42984
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qehu-58hj-67gn |
|
| 58 |
| url |
VCID-qmpd-946c-gqbc |
| vulnerability_id |
VCID-qmpd-946c-gqbc |
| summary |
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0b1 |
| purl |
pkg:pypi/apache-airflow@2.6.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 18 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 19 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 20 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 21 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 22 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 23 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 24 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 25 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 26 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 27 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 28 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 29 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 30 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 31 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 32 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 33 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 34 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 35 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 36 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 37 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 38 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 39 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 16 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 17 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 18 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 19 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 20 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 21 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 22 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 23 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 24 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 25 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 26 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 27 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 28 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 29 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 30 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 31 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 32 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 33 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 34 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 35 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 36 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 37 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
CVE-2023-25754, GHSA-jchm-fm4q-c2fp, PYSEC-2023-59
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmpd-946c-gqbc |
|
| 59 |
| url |
VCID-qr9h-6dg8-gkh3 |
| vulnerability_id |
VCID-qr9h-6dg8-gkh3 |
| summary |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.2 |
| purl |
pkg:pypi/apache-airflow@2.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4bps-htex-tqgk |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 7 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 8 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 9 |
| vulnerability |
VCID-5nys-mzgw-4khd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6pk8-baws-e3dt |
|
| 14 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 15 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 25 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 26 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 27 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 28 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 29 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 30 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 31 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 32 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 33 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 34 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 35 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 36 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 37 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 38 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 39 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 40 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 41 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 42 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 43 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 44 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 45 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 46 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 47 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2 |
|
|
| aliases |
CVE-2023-28707, GHSA-85pf-r4c7-3j9r, PYSEC-2023-3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qr9h-6dg8-gkh3 |
|
| 60 |
| url |
VCID-quaj-w9r3-qya8 |
| vulnerability_id |
VCID-quaj-w9r3-qya8 |
| summary |
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 24 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 25 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 26 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 27 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 28 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 29 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 30 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 31 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 32 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 33 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 34 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 35 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 36 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 37 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 38 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 39 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 40 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 41 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 42 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 43 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 44 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 45 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 46 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 47 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 48 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 49 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 50 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 51 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 52 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 53 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 54 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 55 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 56 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 57 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 58 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 59 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
CVE-2020-13927, GHSA-hhx9-p69v-cx2j, PYSEC-2020-18
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-quaj-w9r3-qya8 |
|
| 61 |
| url |
VCID-reu2-2xcq-fqa4 |
| vulnerability_id |
VCID-reu2-2xcq-fqa4 |
| summary |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.12 |
| purl |
pkg:pypi/apache-airflow@1.10.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 24 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 25 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 26 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 27 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 28 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 29 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 30 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 31 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 32 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 33 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 34 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 35 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 36 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 37 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 38 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 39 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 40 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 41 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 42 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 43 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 44 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 45 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 46 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 47 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 48 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 49 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 50 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 51 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 52 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 53 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 54 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 55 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 56 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 57 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 58 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.12 |
|
|
| aliases |
CVE-2020-13944, GHSA-4pwq-fj89-6rjc, PYSEC-2020-19
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-reu2-2xcq-fqa4 |
|
| 62 |
| url |
VCID-ryct-uaw3-fyfc |
| vulnerability_id |
VCID-ryct-uaw3-fyfc |
| summary |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0b1 |
| purl |
pkg:pypi/apache-airflow@2.7.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1jx5-34px-ukbz |
|
| 1 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 4 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 5 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 6 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 7 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 8 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 9 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-c5dx-r8gh-93fm |
|
| 16 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 17 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 18 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 19 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 20 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 21 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 22 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 23 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 24 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 25 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 29 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 30 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 31 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 32 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
CVE-2023-37379, GHSA-x2mh-8fmc-rqgh, PYSEC-2023-152
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ryct-uaw3-fyfc |
|
| 63 |
| url |
VCID-suwt-h1ze-mydu |
| vulnerability_id |
VCID-suwt-h1ze-mydu |
| summary |
Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 10 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 11 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 12 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 13 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 14 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 15 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 16 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 17 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 18 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 19 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 20 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 21 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 22 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 23 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 24 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 25 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 26 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 27 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 28 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 29 |
| vulnerability |
VCID-q4rb-1yt3-rqdk |
|
| 30 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 31 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 32 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 33 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 34 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 35 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 36 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 37 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
CVE-2023-29247, GHSA-vcf6-3wv2-5vcr, PYSEC-2023-60
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-suwt-h1ze-mydu |
|
| 64 |
| url |
VCID-t3ap-dzfp-1bd6 |
| vulnerability_id |
VCID-t3ap-dzfp-1bd6 |
| summary |
In Apache Airflow versions before 3.1.6 and 2.11.1, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2, which fixes this issue. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@3.1.6 |
| purl |
pkg:pypi/apache-airflow@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2b14-1bp2-gua6 |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-5hxx-r2d2-9ybk |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 6 |
| vulnerability |
VCID-9j1n-cypf-p7g5 |
|
| 7 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 8 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 9 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 10 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 11 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 12 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 13 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 14 |
| vulnerability |
VCID-hkwf-65vr-dkfz |
|
| 15 |
| vulnerability |
VCID-knrd-atwy-gubn |
|
| 16 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 17 |
| vulnerability |
VCID-tbb9-myv7-a7h4 |
|
| 18 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6 |
|
|
| aliases |
CVE-2025-68675, GHSA-7c2f-r6gc-h92h, PYSEC-2026-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t3ap-dzfp-1bd6 |
|
| 65 |
| url |
VCID-t476-g5u5-1yeh |
| vulnerability_id |
VCID-t476-g5u5-1yeh |
| summary |
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 6 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 7 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 8 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 9 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 10 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 11 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 12 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 13 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 14 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 15 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 16 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 17 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 18 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 19 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 20 |
| vulnerability |
VCID-t7xp-8ua7-d7ff |
|
| 21 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 22 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 23 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 24 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
CVE-2023-42780, GHSA-cgx2-rrmr-jx43, PYSEC-2023-202
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t476-g5u5-1yeh |
|
| 66 |
| url |
VCID-trd4-8vc9-ufab |
| vulnerability_id |
VCID-trd4-8vc9-ufab |
| summary |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious Airflow user on Site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.14 |
| purl |
pkg:pypi/apache-airflow@1.10.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 29 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 30 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 31 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 32 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 33 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 34 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 35 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 36 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 37 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 38 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 39 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 40 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 41 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 42 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 43 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 44 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 45 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 51 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 52 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 53 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 54 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.14 |
|
|
| aliases |
CVE-2020-17526, GHSA-7mx5-x372-xh87, PYSEC-2020-22
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-trd4-8vc9-ufab |
|
| 67 |
| url |
VCID-u5wv-47m4-8yd6 |
| vulnerability_id |
VCID-u5wv-47m4-8yd6 |
| summary |
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-45784, GHSA-46c3-5xc5-wwhv, PYSEC-2024-182
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u5wv-47m4-8yd6 |
|
| 68 |
| url |
VCID-x9ns-34nt-gfer |
| vulnerability_id |
VCID-x9ns-34nt-gfer |
| summary |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data potentially being stored in the local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.9.2 |
| purl |
pkg:pypi/apache-airflow@2.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 5 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 6 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 7 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 8 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 9 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 10 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 11 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 12 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 13 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2 |
|
|
| aliases |
CVE-2024-25142, GHSA-9xpj-62mm-24h2, PYSEC-2024-195
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ns-34nt-gfer |
|
| 69 |
| url |
VCID-xh7u-8ze6-cqhk |
| vulnerability_id |
VCID-xh7u-8ze6-cqhk |
| summary |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 3 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 4 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 5 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 6 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 7 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 8 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 9 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 10 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 11 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 12 |
| vulnerability |
VCID-a64u-53x6-dfge |
|
| 13 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 14 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 15 |
| vulnerability |
VCID-csqr-pdvv-gfbh |
|
| 16 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 17 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 18 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 19 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 20 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 21 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 22 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 23 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 24 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 25 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 26 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 27 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 28 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 29 |
| vulnerability |
VCID-wb11-e3rz-e3cf |
|
| 30 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 31 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
CVE-2023-36543, GHSA-3h4m-m55v-gx4m, PYSEC-2023-106
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xh7u-8ze6-cqhk |
|
| 70 |
| url |
VCID-xt2u-n7bw-nben |
| vulnerability_id |
VCID-xt2u-n7bw-nben |
| summary |
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.9.0 |
| purl |
pkg:pypi/apache-airflow@1.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-7zef-tgy9-kkh6 |
|
| 20 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 21 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 22 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 23 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 24 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 25 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 26 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 27 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 28 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 29 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 30 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 31 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 32 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 33 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 34 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 35 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 36 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-xunf-mqrn-97f5 |
|
| 68 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 69 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 70 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0 |
|
|
| aliases |
CVE-2017-15720, GHSA-8fg4-j562-mjrc, PYSEC-2019-147
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xt2u-n7bw-nben |
|
| 71 |
| url |
VCID-xunf-mqrn-97f5 |
| vulnerability_id |
VCID-xunf-mqrn-97f5 |
| summary |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.2 |
| purl |
pkg:pypi/apache-airflow@1.10.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4dpy-dzpr-bbg7 |
|
| 6 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 7 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 8 |
| vulnerability |
VCID-4xdb-1kww-sfdh |
|
| 9 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 10 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 11 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 12 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 13 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 14 |
| vulnerability |
VCID-6c7g-ws6x-yygu |
|
| 15 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 16 |
| vulnerability |
VCID-6ksf-tekv-dud3 |
|
| 17 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 18 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 19 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 20 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 21 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 22 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 23 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 24 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 25 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 26 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 27 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 28 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 29 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 30 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 31 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 32 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 33 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 34 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 35 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 36 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 37 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 38 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 39 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 40 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 41 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 42 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 43 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 44 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 45 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 46 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 47 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 48 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 49 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 50 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 51 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 52 |
| vulnerability |
VCID-q83y-d2x7-m7hv |
|
| 53 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 54 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 55 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 56 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 57 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 58 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 59 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 60 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 61 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 62 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 63 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 64 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 65 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 66 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 67 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 68 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
| 69 |
| vulnerability |
VCID-z4w8-3mr1-63ed |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.2 |
|
|
| aliases |
CVE-2018-20244, GHSA-99cv-8cvv-666c, PYSEC-2019-142
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xunf-mqrn-97f5 |
|
| 72 |
| url |
VCID-y7az-a4um-jqff |
| vulnerability_id |
VCID-y7az-a4um-jqff |
| summary |
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue, as the attacker needs to be aware of certain parameters to pass to that endpoint and even then can only get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 19 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 20 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 21 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 22 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 23 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 24 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 25 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 26 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 27 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 28 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 29 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 30 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 31 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 32 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 33 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 34 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 35 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 36 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 37 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 38 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 39 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 40 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 41 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 42 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 43 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 44 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 45 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 46 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 47 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 48 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 49 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 50 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 51 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 52 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 53 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 54 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.1 |
| purl |
pkg:pypi/apache-airflow@2.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 16 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 17 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 18 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 19 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 20 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 21 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 22 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 23 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 24 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 25 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 26 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 27 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 28 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 29 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 30 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 31 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 32 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 33 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 34 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 35 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 36 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 37 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 38 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 39 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 40 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 41 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 42 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 43 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 44 |
| vulnerability |
VCID-rkeh-vuxg-ubgn |
|
| 45 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 46 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 47 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 48 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 49 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 50 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 51 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 52 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1 |
|
|
| aliases |
CVE-2021-26697, GHSA-fh37-cx83-q542, PYSEC-2021-3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y7az-a4um-jqff |
|
| 73 |
| url |
VCID-ydhm-m8vh-mber |
| vulnerability_id |
VCID-ydhm-m8vh-mber |
| summary |
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. |
| references |
| 0 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-39863, GHSA-j482-47xf-p25c, PYSEC-2024-189
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ydhm-m8vh-mber |
|
| 74 |
| url |
VCID-z4w8-3mr1-63ed |
| vulnerability_id |
VCID-z4w8-3mr1-63ed |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
| references |
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2fnz-jqpe-nuau |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-2ysx-9hz5-fyfm |
|
| 4 |
| vulnerability |
VCID-3h3z-bfsc-jqax |
|
| 5 |
| vulnerability |
VCID-4ga6-4111-dyc9 |
|
| 6 |
| vulnerability |
VCID-4xax-xw67-2qfv |
|
| 7 |
| vulnerability |
VCID-56eq-awhd-d3fr |
|
| 8 |
| vulnerability |
VCID-5cpd-kjpb-ekhv |
|
| 9 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 10 |
| vulnerability |
VCID-5yxa-ubfq-fqdx |
|
| 11 |
| vulnerability |
VCID-5zmy-2ape-7qfa |
|
| 12 |
| vulnerability |
VCID-6gjt-zsju-47a3 |
|
| 13 |
| vulnerability |
VCID-6vg9-hu9u-q7c3 |
|
| 14 |
| vulnerability |
VCID-71hr-1ews-9qa6 |
|
| 15 |
| vulnerability |
VCID-82kk-s7d6-f7he |
|
| 16 |
| vulnerability |
VCID-835a-arqz-g7h7 |
|
| 17 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 18 |
| vulnerability |
VCID-98yf-mvnw-d3b4 |
|
| 19 |
| vulnerability |
VCID-9jm4-t1je-vqhm |
|
| 20 |
| vulnerability |
VCID-9tq4-v733-hug3 |
|
| 21 |
| vulnerability |
VCID-amac-hqnj-xfgz |
|
| 22 |
| vulnerability |
VCID-b3w3-h9cm-ufgm |
|
| 23 |
| vulnerability |
VCID-bwd5-3jt5-pyb8 |
|
| 24 |
| vulnerability |
VCID-cahz-4dy7-bbe9 |
|
| 25 |
| vulnerability |
VCID-dh4r-77xc-cbas |
|
| 26 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 27 |
| vulnerability |
VCID-due7-n14c-akfx |
|
| 28 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 29 |
| vulnerability |
VCID-ez45-qkb4-xkba |
|
| 30 |
| vulnerability |
VCID-fbjk-2uvy-mqfc |
|
| 31 |
| vulnerability |
VCID-frbp-mhhr-8bdt |
|
| 32 |
| vulnerability |
VCID-gn6e-a1yp-g7dw |
|
| 33 |
| vulnerability |
VCID-gz6e-b7dz-5qdf |
|
| 34 |
| vulnerability |
VCID-h6sp-398p-pbeg |
|
| 35 |
| vulnerability |
VCID-hah6-e5fc-juc5 |
|
| 36 |
| vulnerability |
VCID-hy75-nfg7-zfae |
|
| 37 |
| vulnerability |
VCID-j86y-n37n-n7ft |
|
| 38 |
| vulnerability |
VCID-jq98-gxbc-pydt |
|
| 39 |
| vulnerability |
VCID-kh46-xrgm-9udx |
|
| 40 |
| vulnerability |
VCID-ks8d-9vr8-4feh |
|
| 41 |
| vulnerability |
VCID-mcbu-b45m-k3ck |
|
| 42 |
| vulnerability |
VCID-njyy-ywer-x7bf |
|
| 43 |
| vulnerability |
VCID-p9we-cpy2-17h4 |
|
| 44 |
| vulnerability |
VCID-pe8h-9hgu-j3hx |
|
| 45 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 46 |
| vulnerability |
VCID-pybp-gfy8-2qcr |
|
| 47 |
| vulnerability |
VCID-pypb-cezm-rkb2 |
|
| 48 |
| vulnerability |
VCID-q84t-8dac-93dm |
|
| 49 |
| vulnerability |
VCID-qehu-58hj-67gn |
|
| 50 |
| vulnerability |
VCID-qmpd-946c-gqbc |
|
| 51 |
| vulnerability |
VCID-qr9h-6dg8-gkh3 |
|
| 52 |
| vulnerability |
VCID-quaj-w9r3-qya8 |
|
| 53 |
| vulnerability |
VCID-reu2-2xcq-fqa4 |
|
| 54 |
| vulnerability |
VCID-ryct-uaw3-fyfc |
|
| 55 |
| vulnerability |
VCID-suwt-h1ze-mydu |
|
| 56 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 57 |
| vulnerability |
VCID-t476-g5u5-1yeh |
|
| 58 |
| vulnerability |
VCID-trd4-8vc9-ufab |
|
| 59 |
| vulnerability |
VCID-u5wv-47m4-8yd6 |
|
| 60 |
| vulnerability |
VCID-x9ns-34nt-gfer |
|
| 61 |
| vulnerability |
VCID-xh7u-8ze6-cqhk |
|
| 62 |
| vulnerability |
VCID-y7az-a4um-jqff |
|
| 63 |
| vulnerability |
VCID-ydhm-m8vh-mber |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
|
| aliases |
CVE-2020-11981, GHSA-976r-qfjj-c24w, PYSEC-2020-15
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z4w8-3mr1-63ed |
|