Medium severity5.4NVD Advisory· Published Jul 17, 2024· Updated Jun 17, 2026
CVE-2024-39863
CVE-2024-39863
Description
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflowPyPI | < 2.9.3 | 2.9.3 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/airflowpkg:apk/chainguard/airflow-bitnami-compatpkg:apk/chainguard/airflow-compatpkg:apk/wolfi/airflowpkg:apk/wolfi/airflow-bitnami-compatpkg:apk/wolfi/airflow-compatpkg:bitnami/airflowpkg:pypi/apache-airflow
< 2.9.3-r0+ 7 more
- (no CPE)range: < 2.9.3-r0
- (no CPE)range: < 2.9.3-r0
- (no CPE)range: < 2.9.3-r0
- (no CPE)range: < 2.9.3-r0
- (no CPE)range: < 2.9.3-r0
- (no CPE)range: < 2.9.3-r0
- (no CPE)range: < 2.9.3
- (no CPE)range: < 2.9.3
Patches
Vulnerability mechanics
References
7- github.com/apache/airflow/pull/40475nvdIssue TrackingPatchWEB
- github.com/advisories/GHSA-j482-47xf-p25cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39863ghsaADVISORY
- www.openwall.com/lists/oss-security/2024/07/16/6nvdWEB
- github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yamlghsaWEB
- lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3nvdMailing ListWEB
News mentions
0No linked articles in our index yet.