VYPR

apk package

chainguard/airflow-core

pkg:apk/chainguard/airflow-core

Vulnerabilities (4)

  • CVE-2025-47287May 15, 2025
    affected < 2.11.0-r0fixed 2.11.0-r0

    Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high vo

  • CVE-2025-43859CriApr 24, 2025
    affected < 2.10.5-r4fixed 2.10.5-r4

    h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since explo

  • CVE-2025-30473Apr 7, 2025
    affected < 2.10.5-r3fixed 2.10.5-r3

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter (which was a recommended pattern), Authenticated UI User could inject a

  • CVE-2024-12797MedFeb 11, 2025
    affected < 2.10.5-r1fixed 2.10.5-r1

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u