PyPI package
airflow
pkg:pypi/airflow
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45784 | — | < 2.10.3 | 2.10.3 | Nov 15, 2024 | Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these l | ||
| CVE-2019-12417 | — | < 1.10.6 | 1.10.6 | Oct 30, 2019 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
- CVE-2024-45784Nov 15, 2024affected < 2.10.3fixed 2.10.3
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these l
- CVE-2019-12417Oct 30, 2019affected < 1.10.6fixed 1.10.6
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.