Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/apache-airflow-providers-amazon@9.1.0rc1
Type pypi
Namespace
Name apache-airflow-providers-amazon
Version 9.1.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 9.22.0
Latest_non_vulnerable_version 9.28.0
Affected_by_vulnerabilities
0
url VCID-p892-fx9r-vffn
vulnerability_id VCID-p892-fx9r-vffn
summary
Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass
In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and was not verified against the actual instance URL.
This made it possible to gain access to different instances with potentially different access controls by reusing a SAML response from other instances.

You should upgrade to version 9.22.0 of the provider if you use AWS Auth Manager.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25604
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03733
published_at 2026-06-07T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03722
published_at 2026-06-09T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.0371
published_at 2026-06-08T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03745
published_at 2026-06-06T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03742
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25604
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/commit/1a86aec01d827ba8caf41b645db56663a9a61850
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow/commit/1a86aec01d827ba8caf41b645db56663a9a61850
3
reference_url https://github.com/apache/airflow/pull/61368
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:47:57Z/
url https://github.com/apache/airflow/pull/61368
4
reference_url https://lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:47:57Z/
url https://lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77
5
reference_url http://www.openwall.com/lists/oss-security/2026/03/09/6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/03/09/6
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25604
reference_id CVE-2026-25604
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25604
7
reference_url https://github.com/advisories/GHSA-rv5f-ccpm-xjj4
reference_id GHSA-rv5f-ccpm-xjj4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rv5f-ccpm-xjj4
fixed_packages
0
url pkg:pypi/apache-airflow-providers-amazon@9.22.0
purl pkg:pypi/apache-airflow-providers-amazon@9.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-amazon@9.22.0
aliases CVE-2026-25604, GHSA-rv5f-ccpm-xjj4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p892-fx9r-vffn
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-amazon@9.1.0rc1