Apache: >> Airflow >> 2.4.1 Security Vulnerabilities
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-03-15
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
CVSS Score
9.8
EPSS Score
0.639
Published
2023-01-21
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-11-15
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
CVSS Score
6.1
EPSS Score
0.008
Published
2022-11-02
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-11-02
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-10-07
Page 4