oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-32077: Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

From: Ephraim Anierobi <ephraimanierobi () apache org>
Date: Tue, 14 May 2024 10:15:17 +0000
Severity: moderate

Affected versions:

- Apache Airflow 2.9.0 before 2.9.1

Description:

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into 
the task instance logs. 
Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Credit:

Ming (finder)
Jens Scheffler (remediation developer)

References:

https://github.com/apache/airflow/pull/38882
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32077
Previous By Date Next
Previous By Thread Next

Current thread: