Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jqd6-8d26-7ya2
Summary
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.

Sensitive information is logged in clear text when the rediss, amqp, or rpc protocols are used as the Celery result backend.
Note: the vulnerability is about the information exposed in the logs, not about accessing the logs.

This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.

Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airflow to version 2.7.0, which fix the issue.
Aliases
0
alias CVE-2023-46215
1
alias GHSA-666g-rfc5-c9jv
Fixed_packages
0
url pkg:pypi/apache-airflow@2.7.0
purl pkg:pypi/apache-airflow@2.7.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0
1
url pkg:pypi/apache-airflow-providers-celery@3.4.1
purl pkg:pypi/apache-airflow-providers-celery@3.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-celery@3.4.1
Affected_packages
0
url pkg:pypi/apache-airflow@1.10.0
purl pkg:pypi/apache-airflow@1.10.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.0
1
url pkg:pypi/apache-airflow-providers-celery@3.3.0
purl pkg:pypi/apache-airflow-providers-celery@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqd6-8d26-7ya2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-celery@3.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46215
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41074
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46215
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/pull/34954
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/
url https://github.com/apache/airflow/pull/34954
3
reference_url https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/
url https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n
4
reference_url http://www.openwall.com/lists/oss-security/2023/10/28/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/
url http://www.openwall.com/lists/oss-security/2023/10/28/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46215
reference_id CVE-2023-46215
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46215
6
reference_url https://github.com/advisories/GHSA-666g-rfc5-c9jv
reference_id GHSA-666g-rfc5-c9jv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-666g-rfc5-c9jv
Weaknesses
0
cwe_id 532
name Insertion of Sensitive Information into Log File
description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 0.0
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqd6-8d26-7ya2