Low severityNVD Advisory· Published Jun 14, 2024· Updated Mar 20, 2025
Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
CVE-2024-25142
Description
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflowPyPI | < 2.9.2 | 2.9.2 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/airflowpkg:apk/chainguard/airflow-bitnami-compatpkg:apk/chainguard/airflow-compatpkg:apk/wolfi/airflowpkg:apk/wolfi/airflow-bitnami-compatpkg:apk/wolfi/airflow-compatpkg:bitnami/airflowpkg:pypi/apache-airflow
< 2.9.2-r0+ 7 more
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2
- (no CPE)range: < 2.9.2
Patches
Vulnerability mechanics
References
7- github.com/apache/airflow/pull/39550ghsapatchWEB
- github.com/advisories/GHSA-9xpj-62mm-24h2ghsaADVISORY
- lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nrghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-25142ghsaADVISORY
- www.openwall.com/lists/oss-security/2024/06/13/1ghsaWEB
- github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yamlghsaWEB
News mentions
0No linked articles in our index yet.