Apache: >> Airflow >> 2.4.0 Security Vulnerabilities
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
CVSS Score
6.1
EPSS Score
0.014
Published
2022-11-02
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
CVSS Score
8.1
EPSS Score
0.003
Published
2022-10-07
Page 5