Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hpf3-3z3m-6ydt
Vulnerability ID VCID-hpf3-3z3m-6ydt
Aliases CVE-2024-25142
GHSA-9xpj-62mm-24h2
PYSEC-2024-195
Summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.  Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-525 Use of Web Browser Cache Containing Sensitive Information
System Score Found at
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-25142
cvssv3.1_qr LOW https://github.com/advisories/GHSA-9xpj-62mm-24h2
cvssv3.1 5.5 https://github.com/apache/airflow/pull/39550
cvssv3.1 5.5 https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr
cvssv3.1 5.5 http://www.openwall.com/lists/oss-security/2024/06/13/1
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-25142
https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3
https://github.com/apache/airflow/pull/39550
https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr
http://www.openwall.com/lists/oss-security/2024/06/13/1
CVE-2024-25142 https://nvd.nist.gov/vuln/detail/CVE-2024-25142
GHSA-9xpj-62mm-24h2 https://github.com/advisories/GHSA-9xpj-62mm-24h2
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow/pull/39550
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2024/06/13/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.27723
EPSS Score 0.00102
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:34:41.703495+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2024-195.yaml 38.6.0