| 0 |
| url |
VCID-1963-1kyn-2ban |
| vulnerability_id |
VCID-1963-1kyn-2ban |
| summary |
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/33413 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33413 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.3 |
| purl |
pkg:pypi/apache-airflow@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 2 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 3 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 4 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 5 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 6 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 7 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 8 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 9 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 10 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 11 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 12 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 13 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 14 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 15 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 16 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 17 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 18 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 19 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3 |
|
|
| aliases |
BIT-airflow-2023-47037, CVE-2023-47037, GHSA-hm9r-7f84-25c9, PYSEC-2023-232
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1963-1kyn-2ban |
|
| 1 |
| url |
VCID-1azm-hsvr-f3e8 |
| vulnerability_id |
VCID-1azm-hsvr-f3e8 |
| summary |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.1 |
| purl |
pkg:pypi/apache-airflow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4fjp-pn9s-tyhz |
|
| 1 |
| vulnerability |
VCID-9x6r-5m59-yyap |
|
| 2 |
| vulnerability |
VCID-bv7f-s53t-uqe4 |
|
| 3 |
| vulnerability |
VCID-g8pv-cam5-d7dj |
|
| 4 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 5 |
| vulnerability |
VCID-kmz1-dm9f-d7hj |
|
| 6 |
| vulnerability |
VCID-m3ff-jty5-3uhw |
|
| 7 |
| vulnerability |
VCID-nrc9-bdc2-dfes |
|
| 8 |
| vulnerability |
VCID-nrgz-jdnp-kyet |
|
| 9 |
| vulnerability |
VCID-pvh4-3wng-ekdq |
|
| 10 |
| vulnerability |
VCID-tj2m-5j3f-5ueq |
|
| 11 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 12 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 13 |
| vulnerability |
VCID-vwv4-7y7y-9fcj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1 |
|
|
| aliases |
CVE-2023-25693, GHSA-j69x-v4wc-3fpf, PYSEC-2023-314
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1azm-hsvr-f3e8 |
|
| 2 |
| url |
VCID-1ptn-xvsy-d3hu |
| vulnerability_id |
VCID-1ptn-xvsy-d3hu |
| summary |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/32060 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32060 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-36543, CVE-2023-36543, GHSA-3h4m-m55v-gx4m, PYSEC-2023-106
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptn-xvsy-d3hu |
|
| 3 |
| url |
VCID-2q7x-bua5-37h7 |
| vulnerability_id |
VCID-2q7x-bua5-37h7 |
| summary |
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).
With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.
Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/33347 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33347 |
|
| 5 |
|
| 6 |
| reference_url |
https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/ |
|
|
| url |
https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj |
|
| 7 |
| reference_url |
https://www.openwall.com/lists/oss-security/2023/08/23/1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/ |
|
|
| url |
https://www.openwall.com/lists/oss-security/2023/08/23/1 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0rc2 |
| purl |
pkg:pypi/apache-airflow@2.7.0rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.7.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.7.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 3 |
| vulnerability |
VCID-63fw-ggbk-9ycy |
|
| 4 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 5 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 6 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 7 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 8 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 9 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 10 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 11 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 12 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 17 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 18 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 19 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 20 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 21 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 22 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 23 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 24 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 25 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 26 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 27 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 28 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1 |
|
|
| aliases |
BIT-airflow-2023-40273, CVE-2023-40273, GHSA-pm87-24wq-r8w9, PYSEC-2023-158
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2q7x-bua5-37h7 |
|
| 4 |
| url |
VCID-2xpf-ut63-tbcx |
| vulnerability_id |
VCID-2xpf-ut63-tbcx |
| summary |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-4pwq-fj89-6rjc |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-4pwq-fj89-6rjc |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.12 |
| purl |
pkg:pypi/apache-airflow@1.10.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 9 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 10 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 11 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 12 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 13 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 14 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 15 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 16 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 17 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 18 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 19 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 20 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 21 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 22 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 23 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 24 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 25 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 26 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 27 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 28 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 29 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 30 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 31 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 32 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 33 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 34 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 35 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 36 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 37 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 38 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 39 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 40 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 41 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 42 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 43 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 44 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 45 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 46 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 47 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 48 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 49 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 50 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 51 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 52 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 53 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 54 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 55 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 56 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 57 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 58 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 59 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 60 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 61 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.12 |
|
|
| aliases |
BIT-airflow-2020-13944, CVE-2020-13944, GHSA-4pwq-fj89-6rjc, PYSEC-2020-19
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2xpf-ut63-tbcx |
|
| 5 |
| url |
VCID-37nw-x186-puds |
| vulnerability_id |
VCID-37nw-x186-puds |
| summary |
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-m6h2-jx9v-58w6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-m6h2-jx9v-58w6 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.1.2 |
| purl |
pkg:pypi/apache-airflow@2.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 11 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 12 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 13 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 14 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 15 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 16 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 17 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 18 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 19 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 20 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 21 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 22 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 23 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 24 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 25 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 26 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 27 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 28 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 29 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 30 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 31 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 32 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 33 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 34 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 35 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 36 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 37 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 38 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 39 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 40 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 41 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 42 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 43 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 44 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 45 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 46 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 47 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 48 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 49 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 50 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 51 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 52 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 53 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2 |
|
|
| aliases |
BIT-airflow-2021-35936, CVE-2021-35936, GHSA-m6h2-jx9v-58w6, PYSEC-2021-122
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37nw-x186-puds |
|
| 6 |
| url |
VCID-4693-xwwu-7uem |
| vulnerability_id |
VCID-4693-xwwu-7uem |
| summary |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/29501 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:29:36Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/29501 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.5.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.5.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 19 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 20 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 21 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 22 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 23 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 24 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 25 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 26 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 27 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 28 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 29 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 30 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 31 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 32 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 33 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 34 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 35 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 36 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 37 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 38 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 39 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.5.2 |
| purl |
pkg:pypi/apache-airflow@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 9 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 10 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 11 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 12 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 13 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 14 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 18 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 19 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 20 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 21 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 22 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 23 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 24 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 25 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 26 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 27 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 28 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 29 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 30 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 31 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 32 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 33 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 34 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 35 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 36 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 37 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 38 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2 |
|
|
| aliases |
BIT-airflow-2023-25695, CVE-2023-25695, GHSA-h6g5-wqqr-3mw3, PYSEC-2023-2
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4693-xwwu-7uem |
|
| 7 |
| url |
VCID-4btd-59ga-1yd4 |
| vulnerability_id |
VCID-4btd-59ga-1yd4 |
| summary |
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/30447 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/30447 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/30779 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/30779 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 6 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 7 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 8 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 9 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 10 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 11 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 12 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 13 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 14 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 18 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 19 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 20 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 21 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 22 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 23 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 24 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 25 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 26 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 27 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 28 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 29 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 30 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 31 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 32 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 33 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 34 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 35 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 36 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
BIT-airflow-2023-29247, CVE-2023-29247, GHSA-vcf6-3wv2-5vcr, PYSEC-2023-60
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4btd-59ga-1yd4 |
|
| 8 |
| url |
VCID-4u8d-ezsr-sqcz |
| vulnerability_id |
VCID-4u8d-ezsr-sqcz |
| summary |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/36255 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/36255 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.8.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 2 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 3 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 4 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 5 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 6 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 7 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 8 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 9 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 10 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 11 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 12 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 13 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 14 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 15 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 16 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.8.1 |
| purl |
pkg:pypi/apache-airflow@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 2 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 3 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 4 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 5 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 6 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 7 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 8 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 9 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 10 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 11 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 12 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 13 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 14 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1 |
|
|
| aliases |
BIT-airflow-2023-50943, CVE-2023-50943, GHSA-c3c6-f2ww-xfr2, PYSEC-2024-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4u8d-ezsr-sqcz |
|
| 9 |
| url |
VCID-5j9w-1tng-k3ac |
| vulnerability_id |
VCID-5j9w-1tng-k3ac |
| summary |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-6r3p-fcvm-xh7c |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6r3p-fcvm-xh7c |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.13 |
| purl |
pkg:pypi/apache-airflow@1.10.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 20 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 21 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 22 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 23 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 24 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 25 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 26 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 27 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 28 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 29 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 30 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 31 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 32 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 33 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 34 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 35 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 36 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 37 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 38 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 39 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 40 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 41 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 42 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 43 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 44 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 45 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 46 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 47 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 48 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 49 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 50 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 51 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 52 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 53 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 54 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 55 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 56 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 57 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 58 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 59 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13 |
|
|
| aliases |
BIT-airflow-2020-17513, CVE-2020-17513, GHSA-6r3p-fcvm-xh7c, PYSEC-2020-20
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5j9w-1tng-k3ac |
|
| 10 |
| url |
VCID-5n7u-et4v-vfb7 |
| vulnerability_id |
VCID-5n7u-et4v-vfb7 |
| summary |
Improper Certificate Validation
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.
The default SSL context with SSL library does not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.
Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-63fw-ggbk-9ycy |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 14 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 15 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 16 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
CVE-2023-39441, GHSA-5f35-pq34-c87q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5n7u-et4v-vfb7 |
|
| 11 |
| url |
VCID-5ph5-s3qc-guf4 |
| vulnerability_id |
VCID-5ph5-s3qc-guf4 |
| summary |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider: before 2.4.3.
It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/33074 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33074 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.3 |
| purl |
pkg:pypi/apache-airflow@2.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 9 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 10 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 11 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 12 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 13 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 14 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 18 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 19 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 20 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 21 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 22 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 23 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 24 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 25 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 26 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 27 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 28 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 29 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 30 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 31 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 32 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 33 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 34 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 35 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 36 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 37 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 38 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 39 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3 |
|
|
| aliases |
CVE-2023-39553, GHSA-mq4v-6vg4-796c, PYSEC-2023-136
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ph5-s3qc-guf4 |
|
| 12 |
| url |
VCID-5qe8-jdbh-x7b4 |
| vulnerability_id |
VCID-5qe8-jdbh-x7b4 |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-q4p3-qw5c-mhpc |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-q4p3-qw5c-mhpc |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 57 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 58 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 59 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 60 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 61 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 62 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 63 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 64 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 65 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 66 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 13 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 14 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 15 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 16 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 17 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 18 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 19 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 20 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 21 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 22 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 23 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 24 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 25 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 26 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 27 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 28 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 29 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 30 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 31 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 32 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 33 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 34 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 35 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 36 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 37 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 38 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 39 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 40 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 41 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 42 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 43 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 44 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 45 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 46 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 47 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 48 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 49 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 50 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 51 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 52 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 53 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 54 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 55 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 56 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 57 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 58 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 59 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 60 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 61 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 62 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
BIT-airflow-2020-11983, CVE-2020-11983, GHSA-q4p3-qw5c-mhpc, PYSEC-2020-17
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| url |
VCID-5ufe-1rrj-rkgp |
| vulnerability_id |
VCID-5ufe-1rrj-rkgp |
| summary |
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/22754 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/22754 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.1 |
| purl |
pkg:pypi/apache-airflow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 17 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 18 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 19 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 20 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 21 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 22 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 23 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 24 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 25 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 26 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 27 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 28 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 29 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 30 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 31 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 32 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 33 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 34 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 35 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 36 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 37 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 38 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 39 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 40 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 41 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 42 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 43 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 44 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 45 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 46 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 47 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 48 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1 |
|
|
| aliases |
BIT-airflow-2022-27949, CVE-2022-27949, GHSA-fvw2-2pf7-77vw, PYSEC-2022-42981
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ufe-1rrj-rkgp |
|
| 14 |
| url |
VCID-6hxm-nnhg-buex |
| vulnerability_id |
VCID-6hxm-nnhg-buex |
| summary |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.4 |
| purl |
pkg:pypi/apache-airflow@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 11 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 12 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 13 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 14 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 15 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 16 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 17 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 18 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 19 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 20 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 21 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 22 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 23 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 24 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 25 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 26 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 27 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 28 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 29 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 30 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 31 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 32 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 33 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 34 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 35 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 36 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 37 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 38 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 39 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 40 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 41 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 42 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 43 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 44 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 45 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 46 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 47 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 48 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 49 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 50 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4 |
|
|
| aliases |
BIT-airflow-2022-24288, CVE-2022-24288, GHSA-3v7g-4pg3-7r6j, PYSEC-2022-30
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6hxm-nnhg-buex |
|
| 15 |
| url |
VCID-7xea-ge93-yuee |
| vulnerability_id |
VCID-7xea-ge93-yuee |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 11 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 12 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 13 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 14 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 15 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 16 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 17 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 18 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 19 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 20 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 21 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 22 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 23 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 24 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 25 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 26 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 27 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 28 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 29 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 30 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 31 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 32 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 33 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 34 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 35 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 36 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 37 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 38 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 39 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 40 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 41 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 42 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 43 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 44 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 45 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 46 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 47 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 48 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 49 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-38649, GHSA-7wqf-h36w-47mc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7xea-ge93-yuee |
|
| 16 |
| url |
VCID-7z8j-8f4d-53dm |
| vulnerability_id |
VCID-7z8j-8f4d-53dm |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/32309 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32309 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2022-46651, CVE-2022-46651, GHSA-xvw9-3mhm-xjqq, PYSEC-2023-103
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7z8j-8f4d-53dm |
|
| 17 |
| url |
VCID-82p8-yujf-hkdd |
| vulnerability_id |
VCID-82p8-yujf-hkdd |
| summary |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/36257 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/36257 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.8.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 2 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 3 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 4 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 5 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 6 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 7 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 8 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 9 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 10 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 11 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 12 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 13 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 14 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 15 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 16 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.8.1 |
| purl |
pkg:pypi/apache-airflow@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 2 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 3 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 4 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 5 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 6 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 7 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 8 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 9 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 10 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 11 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 12 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 13 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 14 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1 |
|
|
| aliases |
BIT-airflow-2023-50944, CVE-2023-50944, GHSA-vm5m-qmrx-fw8w, PYSEC-2024-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-82p8-yujf-hkdd |
|
| 18 |
| url |
VCID-8htr-89h8-6fba |
| vulnerability_id |
VCID-8htr-89h8-6fba |
| summary |
|
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
| reference_url |
https://github.com/apache/airflow/pull/43123 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/43123 |
|
| 3 |
| reference_url |
https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/ |
|
|
| url |
https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50378, GHSA-j857-2pwm-jjmm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8htr-89h8-6fba |
|
| 19 |
| url |
VCID-8m3p-yzr8-yyhj |
| vulnerability_id |
VCID-8m3p-yzr8-yyhj |
| summary |
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/40933 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/40933 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
BIT-airflow-2024-41937, CVE-2024-41937, GHSA-w7cp-g8v7-r54m, PYSEC-2024-181
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8m3p-yzr8-yyhj |
|
| 20 |
| url |
VCID-8npr-rvfd-jkfj |
| vulnerability_id |
VCID-8npr-rvfd-jkfj |
| summary |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/33413 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33413 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.1 |
| purl |
pkg:pypi/apache-airflow@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 3 |
| vulnerability |
VCID-63fw-ggbk-9ycy |
|
| 4 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 5 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 6 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 7 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 8 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 9 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 10 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 11 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 12 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 13 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 14 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 15 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 16 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 17 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 18 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 19 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 20 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 21 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 22 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 23 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 24 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 25 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 26 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1 |
|
|
| aliases |
BIT-airflow-2023-40611, CVE-2023-40611, GHSA-wpg8-mf6h-gm92, PYSEC-2023-170
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8npr-rvfd-jkfj |
|
| 21 |
| url |
VCID-8ykk-1kak-6bfd |
| vulnerability_id |
VCID-8ykk-1kak-6bfd |
| summary |
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 3 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 4 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 5 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 6 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 7 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 8 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 9 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 10 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 11 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 12 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 13 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 14 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 15 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 16 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 17 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 18 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 19 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 20 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 21 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
BIT-airflow-2023-42780, CVE-2023-42780, GHSA-cgx2-rrmr-jx43, PYSEC-2023-202
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ykk-1kak-6bfd |
|
| 22 |
| url |
VCID-91ta-vnkv-5ydh |
| vulnerability_id |
VCID-91ta-vnkv-5ydh |
| summary |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-q3p4-gw7r-wqjc |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-q3p4-gw7r-wqjc |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.6rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.6rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-syqv-6kj7-j3e5 |
|
| 57 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 58 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 59 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 60 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 61 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 62 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 63 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 64 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 65 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 66 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 67 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 68 |
| vulnerability |
VCID-yz8w-uv1z-5ybw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.6 |
| purl |
pkg:pypi/apache-airflow@1.10.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-syqv-6kj7-j3e5 |
|
| 57 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 58 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 59 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 60 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 61 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 62 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 63 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 64 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 65 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 66 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 67 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 68 |
| vulnerability |
VCID-yz8w-uv1z-5ybw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6 |
|
|
| aliases |
CVE-2019-12417, GHSA-q3p4-gw7r-wqjc, PYSEC-2019-216
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91ta-vnkv-5ydh |
|
| 23 |
| url |
VCID-9f34-2r5y-sydz |
| vulnerability_id |
VCID-9f34-2r5y-sydz |
| summary |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.14 |
| purl |
pkg:pypi/apache-airflow@1.10.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 21 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 22 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 23 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 24 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 25 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 26 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 27 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 28 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 29 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 30 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 31 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 32 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 33 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 34 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 35 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 36 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 37 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 38 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 39 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 40 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 41 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 42 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 43 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 44 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 45 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 46 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 47 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 48 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 49 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 50 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 51 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 52 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 53 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 54 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 55 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 56 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 57 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 58 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.14 |
|
|
| aliases |
BIT-airflow-2020-17526, CVE-2020-17526, GHSA-7mx5-x372-xh87, PYSEC-2020-22
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9f34-2r5y-sydz |
|
| 24 |
| url |
VCID-arbk-dryb-qkda |
| vulnerability_id |
VCID-arbk-dryb-qkda |
| summary |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/apache/airflow/pull/37501 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/37501 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
http://www.openwall.com/lists/oss-security/2024/03/01/1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2024/03/01/1 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.2 |
| purl |
pkg:pypi/apache-airflow@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 2 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 3 |
| vulnerability |
VCID-974g-7wsa-dqd7 |
|
| 4 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 5 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 6 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 7 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 8 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 9 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 10 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 11 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 12 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 13 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2 |
|
|
| aliases |
BIT-airflow-2024-26280, CVE-2024-26280, GHSA-6xwf-xvf3-v459, PYSEC-2024-42
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-arbk-dryb-qkda |
|
| 25 |
| url |
VCID-bn9u-brjp-yudy |
| vulnerability_id |
VCID-bn9u-brjp-yudy |
| summary |
Edge3 Worker RPC RCE on Airflow 2.
This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.
The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.
If you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.
If you used Edge Provider in Airflow 3, you are not affected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.0 |
| purl |
pkg:pypi/apache-airflow@2.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 39 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 40 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 41 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 42 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 43 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 44 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 45 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 46 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 47 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 48 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 49 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 50 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 51 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 52 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 53 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 54 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 55 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 56 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 57 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 58 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0 |
|
|
| aliases |
CVE-2025-67895, GHSA-66h8-3g48-6hx8, PYSEC-2025-87
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9u-brjp-yudy |
|
| 26 |
| url |
VCID-bxw8-918z-1be5 |
| vulnerability_id |
VCID-bxw8-918z-1be5 |
| summary |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
4.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.5 |
| purl |
pkg:pypi/apache-airflow@1.10.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-91ta-vnkv-5ydh |
|
| 23 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 24 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 25 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 26 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 27 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 28 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 29 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 30 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 31 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 32 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 33 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 34 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 35 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 36 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 37 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 38 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 39 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 40 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 41 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 42 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 43 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 44 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 45 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 46 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 47 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 48 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 49 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 50 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 51 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 52 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 53 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 54 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 55 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 56 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 57 |
| vulnerability |
VCID-syqv-6kj7-j3e5 |
|
| 58 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 59 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 60 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 61 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 62 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 63 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 64 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 65 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 66 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 67 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 68 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 69 |
| vulnerability |
VCID-yz8w-uv1z-5ybw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5 |
|
|
| aliases |
CVE-2019-12398, GHSA-rjvg-q57v-mjjc, PYSEC-2020-162
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bxw8-918z-1be5 |
|
| 27 |
| url |
VCID-ctd9-hxfn-8fcs |
| vulnerability_id |
VCID-ctd9-hxfn-8fcs |
| summary |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 17 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 18 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 19 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 20 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 21 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 22 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 23 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 24 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 25 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 26 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 27 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 28 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 29 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 30 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 31 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 32 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 33 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 34 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 35 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 36 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 37 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 38 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 39 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 40 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 41 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 42 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 43 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 44 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 19 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 20 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 21 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 22 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 23 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 24 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 25 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 26 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 27 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 28 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 29 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 30 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 31 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 32 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 33 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 34 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 35 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 36 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 37 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 38 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 39 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 40 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 41 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 42 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 43 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
|
| aliases |
BIT-airflow-2022-41672, CVE-2022-41672, GHSA-3q8r-f3pj-3gc4, PYSEC-2022-42983
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ctd9-hxfn-8fcs |
|
| 28 |
| url |
VCID-d3kc-fn21-xqar |
| vulnerability_id |
VCID-d3kc-fn21-xqar |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/32293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32293 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-22887, CVE-2023-22887, GHSA-ggwr-4vr8-g7wv, PYSEC-2023-104
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d3kc-fn21-xqar |
|
| 29 |
| url |
VCID-dk1y-938p-k3bv |
| vulnerability_id |
VCID-dk1y-938p-k3bv |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/32293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32293 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-22888, CVE-2023-22888, GHSA-5946-8p38-vffp, PYSEC-2023-105
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dk1y-938p-k3bv |
|
| 30 |
| url |
VCID-dp6s-jdma-a7cc |
| vulnerability_id |
VCID-dp6s-jdma-a7cc |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-j38c-25fj-mr84 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-j38c-25fj-mr84 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 57 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 58 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 59 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 60 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 61 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 62 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 63 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 64 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 65 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 66 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 13 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 14 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 15 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 16 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 17 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 18 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 19 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 20 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 21 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 22 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 23 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 24 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 25 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 26 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 27 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 28 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 29 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 30 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 31 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 32 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 33 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 34 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 35 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 36 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 37 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 38 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 39 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 40 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 41 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 42 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 43 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 44 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 45 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 46 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 47 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 48 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 49 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 50 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 51 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 52 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 53 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 54 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 55 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 56 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 57 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 58 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 59 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 60 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 61 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 62 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
BIT-airflow-2020-9485, CVE-2020-9485, GHSA-j38c-25fj-mr84, PYSEC-2020-23
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dp6s-jdma-a7cc |
|
| 31 |
| url |
VCID-e19b-adrm-x7fu |
| vulnerability_id |
VCID-e19b-adrm-x7fu |
| summary |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.3 |
| purl |
pkg:pypi/apache-airflow@2.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 9 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 10 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 11 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 12 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 13 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 14 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 18 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 19 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 20 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 21 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 22 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 23 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 24 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 25 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 26 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 27 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 28 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 29 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 30 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 31 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 32 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 33 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 34 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 35 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 36 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 37 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 38 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 39 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3 |
|
|
| aliases |
BIT-airflow-2022-45402, CVE-2022-45402, GHSA-rg94-84xj-7gq3, PYSEC-2022-42984
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e19b-adrm-x7fu |
|
| 32 |
| url |
VCID-e41n-8a2f-53ay |
| vulnerability_id |
VCID-e41n-8a2f-53ay |
| summary |
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.5.1 |
| purl |
pkg:pypi/apache-airflow@2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 19 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 20 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 21 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 22 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 23 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 24 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 25 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 26 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 27 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 28 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 29 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 30 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 31 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 32 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 33 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 34 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 35 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 36 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 37 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 38 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 39 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.1 |
|
|
| aliases |
CVE-2023-22884, GHSA-c732-xvv8-g94c
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e41n-8a2f-53ay |
|
| 33 |
| url |
VCID-fctg-457f-4uae |
| vulnerability_id |
VCID-fctg-457f-4uae |
| summary |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.
Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/34939 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/34939 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.3 |
| purl |
pkg:pypi/apache-airflow@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 2 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 3 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 4 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 5 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 6 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 7 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 8 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 9 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 10 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 11 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 12 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 13 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 14 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 15 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 16 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 17 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 18 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 19 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3 |
|
|
| aliases |
BIT-airflow-2023-42781, CVE-2023-42781, GHSA-r7x6-xfcm-3mxv, PYSEC-2023-231
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fctg-457f-4uae |
|
| 34 |
| url |
VCID-fnsx-gtgn-27dr |
| vulnerability_id |
VCID-fnsx-gtgn-27dr |
| summary |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/25960 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/25960 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.0 |
| purl |
pkg:pypi/apache-airflow@2.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 17 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 18 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 19 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 20 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 21 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 22 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 23 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 24 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 25 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 26 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 27 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 28 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 29 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 30 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 31 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 32 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 33 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 34 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 35 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 36 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 37 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 38 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 39 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 40 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 41 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 42 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 43 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 44 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0 |
|
|
| aliases |
BIT-airflow-2022-40127, CVE-2022-40127, GHSA-6pw3-8h9w-32gc, PYSEC-2022-42982
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fnsx-gtgn-27dr |
|
| 35 |
| url |
VCID-ftrt-j7rc-pbct |
| vulnerability_id |
VCID-ftrt-j7rc-pbct |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 11 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 12 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 13 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 14 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 15 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 16 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 17 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 18 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 19 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 20 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 21 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 22 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 23 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 24 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 25 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 26 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 27 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 28 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 29 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 30 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 31 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 32 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 33 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 34 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 35 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 36 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 37 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 38 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 39 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 40 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 41 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 42 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 43 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 44 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 45 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 46 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 47 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 48 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 49 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-41131, GHSA-cm43-f2pv-6v68
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ftrt-j7rc-pbct |
|
| 36 |
| url |
VCID-gbgf-jfzt-tqg1 |
| vulnerability_id |
VCID-gbgf-jfzt-tqg1 |
| summary |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-65xw-pcqw-hjrh |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-65xw-pcqw-hjrh |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.4rc1 |
| purl |
pkg:pypi/apache-airflow@2.2.4rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 11 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 12 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 13 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 14 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 15 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 16 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 17 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 18 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 19 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 20 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 21 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 22 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 23 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 24 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 25 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 26 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 27 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 28 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 29 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 30 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 31 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 32 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 33 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 34 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 35 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 36 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 37 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 38 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 39 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 40 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 41 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 42 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 43 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 44 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 45 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 46 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 47 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 48 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 49 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 50 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1 |
|
|
| aliases |
BIT-airflow-2021-45229, CVE-2021-45229, GHSA-65xw-pcqw-hjrh, PYSEC-2022-29
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gbgf-jfzt-tqg1 |
|
| 37 |
| url |
VCID-gg94-fdbv-y7g1 |
| vulnerability_id |
VCID-gg94-fdbv-y7g1 |
| summary |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/30215 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/30215 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.2 |
| purl |
pkg:pypi/apache-airflow@2.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 17 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 18 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 19 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 20 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 21 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 22 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 23 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 24 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 25 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 26 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 27 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 28 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 29 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 30 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 31 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 32 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 33 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 34 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 35 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 36 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 37 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 38 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 39 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 40 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 41 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 42 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 43 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 44 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 45 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 46 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 47 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2 |
|
|
| aliases |
CVE-2023-28707, GHSA-85pf-r4c7-3j9r, PYSEC-2023-3
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gg94-fdbv-y7g1 |
|
| 38 |
| url |
VCID-gt7b-5554-y7dq |
| vulnerability_id |
VCID-gt7b-5554-y7dq |
| summary |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-3xxv-p78r-4fc6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-3xxv-p78r-4fc6 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.15 |
| purl |
pkg:pypi/apache-airflow@1.10.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 21 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 22 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 23 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 24 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 25 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 26 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 27 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 28 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 29 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 30 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 39 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 40 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 41 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 42 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 43 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 44 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 45 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 46 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 47 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 48 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 49 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 50 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 51 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 52 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 53 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 54 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 55 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 56 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.2 |
| purl |
pkg:pypi/apache-airflow@2.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 31 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 32 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 33 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 34 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 35 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 36 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 37 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 38 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 39 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 40 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 41 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 42 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 43 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 44 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 45 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 46 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 47 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 48 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 49 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 50 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 51 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 52 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 53 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 54 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2 |
|
|
| aliases |
BIT-airflow-2021-28359, CVE-2021-28359, GHSA-3xxv-p78r-4fc6, PYSEC-2021-4
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gt7b-5554-y7dq |
|
| 39 |
| url |
VCID-hgq2-kuex-y3a3 |
| vulnerability_id |
VCID-hgq2-kuex-y3a3 |
| summary |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 3 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 4 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 5 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 6 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 7 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 8 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 9 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 10 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 11 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 12 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 13 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 14 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 15 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 16 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 17 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 18 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 19 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 20 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 21 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
BIT-airflow-2023-42663, CVE-2023-42663, GHSA-32wr-qqw6-5mfp, PYSEC-2023-197
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hgq2-kuex-y3a3 |
|
| 40 |
| url |
VCID-hpf3-3z3m-6ydt |
| vulnerability_id |
VCID-hpf3-3z3m-6ydt |
| summary |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2024-25142, CVE-2024-25142, GHSA-9xpj-62mm-24h2, PYSEC-2024-195
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpf3-3z3m-6ydt |
|
| 41 |
| url |
VCID-j6uh-kx6m-sydp |
| vulnerability_id |
VCID-j6uh-kx6m-sydp |
| summary |
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-25917, CVE-2026-25917, GHSA-6ffj-2wg2-w45j, PYSEC-2026-13
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uh-kx6m-sydp |
|
| 42 |
| url |
VCID-jqd6-8d26-7ya2 |
| vulnerability_id |
VCID-jqd6-8d26-7ya2 |
| summary |
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.
Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Note: the vulnerability is about the information exposed in the logs not about accessing the logs.
This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.
Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-63fw-ggbk-9ycy |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 14 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 15 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 16 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
CVE-2023-46215, GHSA-666g-rfc5-c9jv
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jqd6-8d26-7ya2 |
|
| 43 |
| url |
VCID-jrwf-mt69-1ydt |
| vulnerability_id |
VCID-jrwf-mt69-1ydt |
| summary |
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.0b1 |
| purl |
pkg:pypi/apache-airflow@2.0.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 21 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 22 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 23 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 24 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 25 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 26 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 27 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 28 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 29 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 30 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 31 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 32 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 33 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 34 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 35 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 39 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 40 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 41 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 42 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 43 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 44 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 45 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 46 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 47 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 48 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 49 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 50 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 51 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 52 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 53 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 54 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 55 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 56 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 57 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.2.0 |
| purl |
pkg:pypi/apache-airflow@2.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 11 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 12 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 13 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 14 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 15 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 16 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 17 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 18 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 19 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 20 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 21 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 22 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 23 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 24 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 25 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 26 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 27 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 28 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 29 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 30 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 31 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 32 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 33 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 34 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 35 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 36 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 37 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 38 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 39 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 40 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 41 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 42 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 43 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 44 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 45 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 46 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 47 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 48 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 49 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 50 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 51 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.0 |
|
|
| aliases |
BIT-airflow-2021-45230, CVE-2021-45230, GHSA-4jh2-3c85-q67h, PYSEC-2022-11
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jrwf-mt69-1ydt |
|
| 44 |
| url |
VCID-kb4a-mm13-63bj |
| vulnerability_id |
VCID-kb4a-mm13-63bj |
| summary |
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2024-45784, CVE-2024-45784, GHSA-46c3-5xc5-wwhv, PYSEC-2024-182
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kb4a-mm13-63bj |
|
| 45 |
| url |
VCID-kgfb-yphg-n3ec |
| vulnerability_id |
VCID-kgfb-yphg-n3ec |
| summary |
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/29506 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/29506 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
http://www.openwall.com/lists/oss-security/2023/05/08/2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2023/05/08/2 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0b1 |
| purl |
pkg:pypi/apache-airflow@2.6.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 9 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 10 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 11 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 12 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 13 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 14 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 18 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 19 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 20 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 21 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 22 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 23 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 24 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 25 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 26 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 27 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 28 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 29 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 30 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 31 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 32 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 33 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 34 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 35 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 36 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 37 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 38 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 6 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 7 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 8 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 9 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 10 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 11 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 12 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 13 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 14 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 18 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 19 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 20 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 21 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 22 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 23 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 24 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 25 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 26 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 27 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 28 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 29 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 30 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 31 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 32 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 33 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 34 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 35 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 36 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
BIT-airflow-2023-25754, CVE-2023-25754, GHSA-jchm-fm4q-c2fp, PYSEC-2023-59
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfb-yphg-n3ec |
|
| 46 |
| url |
VCID-krjr-ctw4-r3d3 |
| vulnerability_id |
VCID-krjr-ctw4-r3d3 |
| summary |
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-hhx9-p69v-cx2j |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hhx9-p69v-cx2j |
|
| 5 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 13 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 14 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 15 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 16 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 17 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 18 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 19 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 20 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 21 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 22 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 23 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 24 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 25 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 26 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 27 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 28 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 29 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 30 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 31 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 32 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 33 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 34 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 35 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 36 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 37 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 38 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 39 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 40 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 41 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 42 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 43 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 44 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 45 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 46 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 47 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 48 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 49 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 50 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 51 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 52 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 53 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 54 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 55 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 56 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 57 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 58 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 59 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 60 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 61 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 62 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
BIT-airflow-2020-13927, CVE-2020-13927, GHSA-hhx9-p69v-cx2j, PYSEC-2020-18
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-krjr-ctw4-r3d3 |
|
| 47 |
| url |
VCID-ms13-tzaa-hkej |
| vulnerability_id |
VCID-ms13-tzaa-hkej |
| summary |
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-fh37-cx83-q542 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-fh37-cx83-q542 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 39 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 40 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 41 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 42 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 43 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 44 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 45 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 46 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 47 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 48 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 49 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 50 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 51 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 52 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 53 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 54 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 55 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 56 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 57 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 58 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.1 |
| purl |
pkg:pypi/apache-airflow@2.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 39 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 40 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 41 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 42 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 43 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 44 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 45 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 46 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 47 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 48 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 49 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 50 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 51 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 52 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 53 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 54 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 55 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 56 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1 |
|
|
| aliases |
BIT-airflow-2021-26697, CVE-2021-26697, GHSA-fh37-cx83-q542, PYSEC-2021-3
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ms13-tzaa-hkej |
|
| 48 |
| url |
VCID-nfbc-tutd-37bw |
| vulnerability_id |
VCID-nfbc-tutd-37bw |
| summary |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.0 |
| purl |
pkg:pypi/apache-airflow@2.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 2 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 3 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 4 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 5 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 6 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 7 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 8 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 9 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 10 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 11 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 12 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 13 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 14 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 15 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 16 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0 |
|
|
| aliases |
BIT-airflow-2023-50783, CVE-2023-50783, GHSA-5938-79hg-xh3q, PYSEC-2023-267
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nfbc-tutd-37bw |
|
| 49 |
| url |
VCID-p42d-ta7v-7yhn |
| vulnerability_id |
VCID-p42d-ta7v-7yhn |
| summary |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-q8h9-pqcx-59hw |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-q8h9-pqcx-59hw |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
5.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.4 |
| purl |
pkg:pypi/apache-airflow@2.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 17 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 18 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 19 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 20 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 21 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 22 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 23 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 24 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 25 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 26 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 27 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 28 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 29 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 30 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 31 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 32 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 33 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 34 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 35 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 36 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 37 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 38 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 39 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 40 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 41 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 42 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 43 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 44 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 45 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4 |
|
|
| aliases |
BIT-airflow-2022-38170, CVE-2022-38170, GHSA-q8h9-pqcx-59hw, PYSEC-2022-261
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p42d-ta7v-7yhn |
|
| 50 |
| url |
VCID-pb3b-22wk-pbh5 |
| vulnerability_id |
VCID-pb3b-22wk-pbh5 |
| summary |
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0
This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
http://seclists.org/fulldisclosure/2023/Jul/43 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/ |
|
|
| url |
http://seclists.org/fulldisclosure/2023/Jul/43 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/29706 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/29706 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0b1 |
| purl |
pkg:pypi/apache-airflow@2.6.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 9 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 10 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 11 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 12 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 13 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 14 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 18 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 19 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 20 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 21 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 22 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 23 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 24 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 25 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 26 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 27 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 28 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 29 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 30 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 31 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 32 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 33 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 34 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 35 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 36 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 37 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 38 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-1tvn-y85f-jkb9 |
|
| 4 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 5 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 6 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 7 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 8 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 9 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 10 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 11 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 12 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 13 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 14 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 15 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 16 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 17 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 18 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 19 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 20 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 21 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 22 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 23 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 24 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 25 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 26 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 27 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 28 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 29 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 30 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 31 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 32 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 33 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 34 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 35 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 36 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
BIT-airflow-2023-39508, CVE-2023-39508, GHSA-269x-pg5c-5xgm, PYSEC-2023-134
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pb3b-22wk-pbh5 |
|
| 51 |
| url |
VCID-pmtw-nwnc-nyfw |
| vulnerability_id |
VCID-pmtw-nwnc-nyfw |
| summary |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 3 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 4 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 5 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 6 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 7 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 8 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 9 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 10 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 11 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 12 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 13 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 14 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 15 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 16 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 17 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 18 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 19 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 20 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 21 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
BIT-airflow-2023-42792, CVE-2023-42792, GHSA-j3w8-2p2h-mrr9, PYSEC-2023-203
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtw-nwnc-nyfw |
|
| 52 |
| url |
VCID-pqgj-ry81-6ua3 |
| vulnerability_id |
VCID-pqgj-ry81-6ua3 |
| summary |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/27143 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:26:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/27143 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 19 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 20 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 21 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 22 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 23 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 24 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 25 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 26 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 27 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 28 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 29 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 30 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 31 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 32 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 33 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 34 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 35 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 36 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 37 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 38 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 39 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 40 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 41 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 42 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 43 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2 |
| purl |
pkg:pypi/apache-airflow@2.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 19 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 20 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 21 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 22 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 23 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 24 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 25 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 26 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 27 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 28 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 29 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 30 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 31 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 32 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 33 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 34 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 35 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 36 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 37 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 38 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 39 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 40 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 41 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2 |
|
|
| aliases |
BIT-airflow-2022-43985, CVE-2022-43985, GHSA-f9fq-78ch-4wmj, PYSEC-2022-42971
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pqgj-ry81-6ua3 |
|
| 53 |
| url |
VCID-qxnw-7urw-fud2 |
| vulnerability_id |
VCID-qxnw-7urw-fud2 |
| summary |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/27143 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:27:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/27143 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 19 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 20 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 21 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 22 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 23 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 24 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 25 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 26 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 27 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 28 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 29 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 30 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 31 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 32 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 33 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 34 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 35 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 36 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 37 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 38 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 39 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 40 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 41 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 42 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 43 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2 |
| purl |
pkg:pypi/apache-airflow@2.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 10 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 11 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 12 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 13 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 14 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 15 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 16 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 17 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 18 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 19 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 20 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 21 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 22 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 23 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 24 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 25 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 26 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 27 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 28 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 29 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 30 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 31 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 32 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 33 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 34 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 35 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 36 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 37 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 38 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 39 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 40 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 41 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2 |
|
|
| aliases |
BIT-airflow-2022-43982, CVE-2022-43982, GHSA-h63r-9xxf-f2c7, PYSEC-2022-42970
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxnw-7urw-fud2 |
|
| 54 |
| url |
VCID-r1b5-6vah-rydn |
| vulnerability_id |
VCID-r1b5-6vah-rydn |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 11 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 12 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 13 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 14 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 15 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 16 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 17 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 18 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 19 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 20 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 21 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 22 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 23 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 24 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 25 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 26 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 27 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 28 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 29 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 30 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 31 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 32 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 33 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 34 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 35 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 36 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 37 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 38 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 39 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 40 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 41 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 42 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 43 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 44 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 45 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 46 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 47 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 48 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 49 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-40189, GHSA-rmf2-pwfq-h75j
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r1b5-6vah-rydn |
|
| 55 |
| url |
VCID-r6fk-1tfv-wkgq |
| vulnerability_id |
VCID-r6fk-1tfv-wkgq |
| summary |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.5 |
| purl |
pkg:pypi/apache-airflow@1.10.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-91ta-vnkv-5ydh |
|
| 23 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 24 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 25 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 26 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 27 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 28 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 29 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 30 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 31 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 32 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 33 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 34 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 35 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 36 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 37 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 38 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 39 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 40 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 41 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 42 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 43 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 44 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 45 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 46 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 47 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 48 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 49 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 50 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 51 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 52 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 53 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 54 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 55 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 56 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 57 |
| vulnerability |
VCID-syqv-6kj7-j3e5 |
|
| 58 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 59 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 60 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 61 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 62 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 63 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 64 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 65 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 66 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 67 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 68 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 69 |
| vulnerability |
VCID-yz8w-uv1z-5ybw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5 |
|
|
| aliases |
PYSEC-2020-181
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r6fk-1tfv-wkgq |
|
| 56 |
| url |
VCID-rysu-xhvt-yqda |
| vulnerability_id |
VCID-rysu-xhvt-yqda |
| summary |
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2
Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.0 |
| purl |
pkg:pypi/apache-airflow@2.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 2 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 3 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 4 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 5 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 6 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 7 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 8 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 9 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 10 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 11 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 12 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 13 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 14 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 15 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 16 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0 |
|
|
| aliases |
BIT-airflow-2023-48291, CVE-2023-48291, GHSA-8f57-wcmg-4jmh, PYSEC-2023-265
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rysu-xhvt-yqda |
|
| 57 |
| url |
VCID-s49h-br5r-5yh8 |
| vulnerability_id |
VCID-s49h-br5r-5yh8 |
| summary |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.
Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/33512 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33512 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/33516 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33516 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.1 |
| purl |
pkg:pypi/apache-airflow@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 3 |
| vulnerability |
VCID-63fw-ggbk-9ycy |
|
| 4 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 5 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 6 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 7 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 8 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 9 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 10 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 11 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 12 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 13 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 14 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 15 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 16 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 17 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 18 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 19 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 20 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 21 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 22 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 23 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 24 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 25 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 26 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1 |
|
|
| aliases |
BIT-airflow-2023-40712, CVE-2023-40712, GHSA-mjqh-v5f2-g2mw, PYSEC-2023-171
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s49h-br5r-5yh8 |
|
| 58 |
| url |
VCID-ssbp-gvfd-2kef |
| vulnerability_id |
VCID-ssbp-gvfd-2kef |
| summary |
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 39 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 40 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 41 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 42 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 43 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 44 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 45 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 46 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 47 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 48 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 49 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 50 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 51 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 52 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 53 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 54 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 55 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 56 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 57 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 58 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.1 |
| purl |
pkg:pypi/apache-airflow@2.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 39 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 40 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 41 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 42 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 43 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 44 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 45 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 46 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 47 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 48 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 49 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 50 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 51 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 52 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 53 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 54 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 55 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 56 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1 |
|
|
| aliases |
BIT-airflow-2021-26559, CVE-2021-26559, GHSA-ffw3-6mp6-jmvj, PYSEC-2021-2
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ssbp-gvfd-2kef |
|
| 59 |
| url |
VCID-syqv-6kj7-j3e5 |
| vulnerability_id |
VCID-syqv-6kj7-j3e5 |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 57 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 58 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 59 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 60 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 61 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 62 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 63 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 64 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 65 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 66 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
|
| aliases |
BIT-airflow-2020-11978, CVE-2020-11978, GHSA-rvmq-4x66-q7j3, PYSEC-2020-14
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-syqv-6kj7-j3e5 |
|
| 60 |
| url |
VCID-tcjg-f9cn-mubj |
| vulnerability_id |
VCID-tcjg-f9cn-mubj |
| summary |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.13 |
| purl |
pkg:pypi/apache-airflow@1.10.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 20 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 21 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 22 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 23 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 24 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 25 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 26 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 27 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 28 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 29 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 30 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 31 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 32 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 33 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 34 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 35 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 36 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 37 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 38 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 39 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 40 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 41 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 42 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 43 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 44 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 45 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 46 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 47 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 48 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 49 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 50 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 51 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 52 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 53 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 54 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 55 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 56 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 57 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 58 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 59 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.15rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.15rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 21 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 22 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 23 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 24 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 25 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 26 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 27 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 28 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 29 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 30 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 31 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 32 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 33 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 34 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 35 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 36 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 37 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 38 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 39 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 40 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 41 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 42 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 43 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 44 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 45 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 46 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 47 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 48 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 49 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 50 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 51 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 52 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 53 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 54 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 55 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 56 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 57 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15rc1 |
|
| 2 |
| url |
pkg:pypi/apache-airflow@2.0.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 20 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 21 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 22 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 23 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 24 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 25 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 26 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 27 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 28 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 29 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 30 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 31 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 32 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 33 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 34 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 35 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 36 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 37 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 38 |
| vulnerability |
VCID-kjw8-c6cn-3kee |
|
| 39 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 40 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 41 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 42 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 43 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 44 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 45 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 46 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 47 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 48 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 49 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 50 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 51 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 52 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 53 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 54 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 55 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2rc1 |
|
|
| aliases |
BIT-airflow-2020-17515, CVE-2020-17515, GHSA-86vp-x3pr-79rx, PYSEC-2020-21
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tcjg-f9cn-mubj |
|
| 61 |
| url |
VCID-tpjn-4kru-vucv |
| vulnerability_id |
VCID-tpjn-4kru-vucv |
| summary |
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow/pull/63028 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/63028 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-30912, CVE-2026-30912, GHSA-w7cf-2pmc-5m4c, PYSEC-2026-18
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tpjn-4kru-vucv |
|
| 62 |
| url |
VCID-vj7z-pmk3-cydg |
| vulnerability_id |
VCID-vj7z-pmk3-cydg |
| summary |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/32052 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32052 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0b1 |
| purl |
pkg:pypi/apache-airflow@2.7.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-63fw-ggbk-9ycy |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 14 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 15 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 16 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-unq1-wwfg-6ydk |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
BIT-airflow-2023-37379, CVE-2023-37379, GHSA-x2mh-8fmc-rqgh, PYSEC-2023-152
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7z-pmk3-cydg |
|
| 63 |
| url |
VCID-vras-f42j-xqfg |
| vulnerability_id |
VCID-vras-f42j-xqfg |
| summary |
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2025-68675, CVE-2025-68675, GHSA-7c2f-r6gc-h92h, PYSEC-2026-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vras-f42j-xqfg |
|
| 64 |
| url |
VCID-vy44-rbar-w3fn |
| vulnerability_id |
VCID-vy44-rbar-w3fn |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/32014 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32014 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 3 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 4 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 5 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 6 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 7 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 8 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 9 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 10 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 11 |
| vulnerability |
VCID-cxqa-pqca-pqgc |
|
| 12 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 13 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 14 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 15 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 16 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 17 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 18 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 19 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 20 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 21 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 22 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 23 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 24 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 25 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 26 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 27 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 28 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
| 29 |
| vulnerability |
VCID-z5b8-kcbh-m7hr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-35908, CVE-2023-35908, GHSA-2h84-3crq-vgfj, PYSEC-2023-119
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vy44-rbar-w3fn |
|
| 65 |
| url |
VCID-w8ff-8479-rbfq |
| vulnerability_id |
VCID-w8ff-8479-rbfq |
| summary |
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author.
Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/41672 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/41672 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
BIT-airflow-2024-45034, CVE-2024-45034, GHSA-92xg-gmrq-5c3w, PYSEC-2024-212
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-8479-rbfq |
|
| 66 |
| url |
VCID-xwza-guvs-83a9 |
| vulnerability_id |
VCID-xwza-guvs-83a9 |
| summary |
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/apache/airflow/pull/40475 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/40475 |
|
| 4 |
|
| 5 |
| reference_url |
https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/ |
|
|
| url |
https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
BIT-airflow-2024-39863, CVE-2024-39863, GHSA-j482-47xf-p25c, PYSEC-2024-189
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xwza-guvs-83a9 |
|
| 67 |
| url |
VCID-y76t-bjep-43fd |
| vulnerability_id |
VCID-y76t-bjep-43fd |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 5 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 6 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 7 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 8 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 9 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 10 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 11 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 12 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 13 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 14 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 15 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 16 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 17 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 18 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 19 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 20 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 21 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 22 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 23 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 24 |
| vulnerability |
VCID-fut9-4dat-qbfy |
|
| 25 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 26 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 27 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 28 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 29 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 30 |
| vulnerability |
VCID-k7ea-m9cw-w3fz |
|
| 31 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 32 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 33 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 34 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 35 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 36 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 37 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 38 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 39 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 40 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 41 |
| vulnerability |
VCID-swav-nrrn-wbcs |
|
| 42 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 43 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 44 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 45 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 46 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 47 |
| vulnerability |
VCID-x56a-2xkf-mfd3 |
|
| 48 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 49 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-40954, GHSA-45r6-j3cc-6mxx
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y76t-bjep-43fd |
|
| 68 |
| url |
VCID-ygjc-77t9-yfge |
| vulnerability_id |
VCID-ygjc-77t9-yfge |
| summary |
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.13 |
| purl |
pkg:pypi/apache-airflow@1.10.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 5 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 6 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 7 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 8 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 9 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 10 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 11 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 12 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 13 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 14 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 15 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 16 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 17 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 18 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 19 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 20 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 21 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 22 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 23 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 24 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 25 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 26 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 27 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 28 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 29 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 30 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 31 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 32 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 33 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 34 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 35 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 36 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 37 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 38 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 39 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 40 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 41 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 42 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 43 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 44 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 45 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 46 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 47 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 48 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 49 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 50 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 51 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 52 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 53 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 54 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 55 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 56 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 57 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 58 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 59 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13 |
|
|
| aliases |
BIT-airflow-2020-17511, CVE-2020-17511, GHSA-cvcq-gmc3-q6m8, PYSEC-2020-262
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ygjc-77t9-yfge |
|
| 69 |
| url |
VCID-ykge-bnhg-g7c4 |
| vulnerability_id |
VCID-ykge-bnhg-g7c4 |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-9g2w-5f3v-mfmm |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-9g2w-5f3v-mfmm |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 57 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 58 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 59 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 60 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 61 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 62 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 63 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 64 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 65 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 66 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@1.10.11 |
| purl |
pkg:pypi/apache-airflow@1.10.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 13 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 14 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 15 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 16 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 17 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 18 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 19 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 20 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 21 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 22 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 23 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 24 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 25 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 26 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 27 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 28 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 29 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 30 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 31 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 32 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 33 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 34 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 35 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 36 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 37 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 38 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 39 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 40 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 41 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 42 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 43 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 44 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 45 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 46 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 47 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 48 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 49 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 50 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 51 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 52 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 53 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 54 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 55 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 56 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 57 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 58 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 59 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 60 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 61 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 62 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11 |
|
|
| aliases |
BIT-airflow-2020-11982, CVE-2020-11982, GHSA-9g2w-5f3v-mfmm, PYSEC-2020-16
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ykge-bnhg-g7c4 |
|
| 70 |
| url |
VCID-yrx8-dtav-83av |
| vulnerability_id |
VCID-yrx8-dtav-83av |
| summary |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/apache/airflow/pull/37290 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/37290 |
|
| 12 |
| reference_url |
https://github.com/apache/airflow/pull/37468 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/37468 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.2 |
| purl |
pkg:pypi/apache-airflow@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 1 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 2 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 3 |
| vulnerability |
VCID-974g-7wsa-dqd7 |
|
| 4 |
| vulnerability |
VCID-g9j4-fhpm-uuba |
|
| 5 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 6 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 7 |
| vulnerability |
VCID-k4r8-a72h-fkdf |
|
| 8 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 9 |
| vulnerability |
VCID-mbgq-fq5n-kufh |
|
| 10 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 11 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 12 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 13 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2 |
|
|
| aliases |
BIT-airflow-2024-27906, CVE-2024-27906, GHSA-6v6w-h8m6-7mv2, PYSEC-2024-245
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yrx8-dtav-83av |
|
| 71 |
| url |
VCID-yz8w-uv1z-5ybw |
| vulnerability_id |
VCID-yz8w-uv1z-5ybw |
| summary |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-976r-qfjj-c24w |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-976r-qfjj-c24w |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@1.10.11rc1 |
| purl |
pkg:pypi/apache-airflow@1.10.11rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1963-1kyn-2ban |
|
| 1 |
| vulnerability |
VCID-1azm-hsvr-f3e8 |
|
| 2 |
| vulnerability |
VCID-1ptn-xvsy-d3hu |
|
| 3 |
| vulnerability |
VCID-2q7x-bua5-37h7 |
|
| 4 |
| vulnerability |
VCID-2xpf-ut63-tbcx |
|
| 5 |
| vulnerability |
VCID-37nw-x186-puds |
|
| 6 |
| vulnerability |
VCID-4693-xwwu-7uem |
|
| 7 |
| vulnerability |
VCID-4btd-59ga-1yd4 |
|
| 8 |
| vulnerability |
VCID-4u8d-ezsr-sqcz |
|
| 9 |
| vulnerability |
VCID-5j9w-1tng-k3ac |
|
| 10 |
| vulnerability |
VCID-5n7u-et4v-vfb7 |
|
| 11 |
| vulnerability |
VCID-5ph5-s3qc-guf4 |
|
| 12 |
| vulnerability |
VCID-5qe8-jdbh-x7b4 |
|
| 13 |
| vulnerability |
VCID-5ufe-1rrj-rkgp |
|
| 14 |
| vulnerability |
VCID-6hxm-nnhg-buex |
|
| 15 |
| vulnerability |
VCID-7xea-ge93-yuee |
|
| 16 |
| vulnerability |
VCID-7z8j-8f4d-53dm |
|
| 17 |
| vulnerability |
VCID-82p8-yujf-hkdd |
|
| 18 |
| vulnerability |
VCID-8htr-89h8-6fba |
|
| 19 |
| vulnerability |
VCID-8m3p-yzr8-yyhj |
|
| 20 |
| vulnerability |
VCID-8npr-rvfd-jkfj |
|
| 21 |
| vulnerability |
VCID-8ykk-1kak-6bfd |
|
| 22 |
| vulnerability |
VCID-9f34-2r5y-sydz |
|
| 23 |
| vulnerability |
VCID-arbk-dryb-qkda |
|
| 24 |
| vulnerability |
VCID-bn9u-brjp-yudy |
|
| 25 |
| vulnerability |
VCID-ctd9-hxfn-8fcs |
|
| 26 |
| vulnerability |
VCID-d3kc-fn21-xqar |
|
| 27 |
| vulnerability |
VCID-dk1y-938p-k3bv |
|
| 28 |
| vulnerability |
VCID-dp6s-jdma-a7cc |
|
| 29 |
| vulnerability |
VCID-e19b-adrm-x7fu |
|
| 30 |
| vulnerability |
VCID-e41n-8a2f-53ay |
|
| 31 |
| vulnerability |
VCID-fctg-457f-4uae |
|
| 32 |
| vulnerability |
VCID-fnsx-gtgn-27dr |
|
| 33 |
| vulnerability |
VCID-ftrt-j7rc-pbct |
|
| 34 |
| vulnerability |
VCID-gbgf-jfzt-tqg1 |
|
| 35 |
| vulnerability |
VCID-gg94-fdbv-y7g1 |
|
| 36 |
| vulnerability |
VCID-gt7b-5554-y7dq |
|
| 37 |
| vulnerability |
VCID-hgq2-kuex-y3a3 |
|
| 38 |
| vulnerability |
VCID-hpf3-3z3m-6ydt |
|
| 39 |
| vulnerability |
VCID-j6uh-kx6m-sydp |
|
| 40 |
| vulnerability |
VCID-jqd6-8d26-7ya2 |
|
| 41 |
| vulnerability |
VCID-jrwf-mt69-1ydt |
|
| 42 |
| vulnerability |
VCID-kb4a-mm13-63bj |
|
| 43 |
| vulnerability |
VCID-kgfb-yphg-n3ec |
|
| 44 |
| vulnerability |
VCID-krjr-ctw4-r3d3 |
|
| 45 |
| vulnerability |
VCID-ms13-tzaa-hkej |
|
| 46 |
| vulnerability |
VCID-nfbc-tutd-37bw |
|
| 47 |
| vulnerability |
VCID-p42d-ta7v-7yhn |
|
| 48 |
| vulnerability |
VCID-pb3b-22wk-pbh5 |
|
| 49 |
| vulnerability |
VCID-pmtw-nwnc-nyfw |
|
| 50 |
| vulnerability |
VCID-pqgj-ry81-6ua3 |
|
| 51 |
| vulnerability |
VCID-qxnw-7urw-fud2 |
|
| 52 |
| vulnerability |
VCID-r1b5-6vah-rydn |
|
| 53 |
| vulnerability |
VCID-rysu-xhvt-yqda |
|
| 54 |
| vulnerability |
VCID-s49h-br5r-5yh8 |
|
| 55 |
| vulnerability |
VCID-ssbp-gvfd-2kef |
|
| 56 |
| vulnerability |
VCID-tcjg-f9cn-mubj |
|
| 57 |
| vulnerability |
VCID-tpjn-4kru-vucv |
|
| 58 |
| vulnerability |
VCID-vj7z-pmk3-cydg |
|
| 59 |
| vulnerability |
VCID-vras-f42j-xqfg |
|
| 60 |
| vulnerability |
VCID-vy44-rbar-w3fn |
|
| 61 |
| vulnerability |
VCID-w8ff-8479-rbfq |
|
| 62 |
| vulnerability |
VCID-xwza-guvs-83a9 |
|
| 63 |
| vulnerability |
VCID-y76t-bjep-43fd |
|
| 64 |
| vulnerability |
VCID-ygjc-77t9-yfge |
|
| 65 |
| vulnerability |
VCID-ykge-bnhg-g7c4 |
|
| 66 |
| vulnerability |
VCID-yrx8-dtav-83av |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1 |
|
|
| aliases |
BIT-airflow-2020-11981, CVE-2020-11981, GHSA-976r-qfjj-c24w, PYSEC-2020-15
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yz8w-uv1z-5ybw |
|