GHSA-273c-4g26-4jpm

Опубликовано: 30 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Apache Airflow /api/v2/dagReports executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

Ссылки

Пакеты

Наименование

apache-airflow

pip

Затронутые версииВерсия исправления

>= 3.0.0, < 3.1.1

3.1.1

EPSS

Процентиль: 38%

0.00166

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2025-62402

Дефекты

CWE-250

Связанные уязвимости

CVE-2025-62402

CVSS3: 5.4

nvd

13 дней назад

API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

CVE-2025-62402

CVSS3: 5.4

debian

13 дней назад

API users via `/api/v2/dagReports` could perform Dag code execution in ...

EPSS

Процентиль: 38%

0.00166

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2025-62402

Дефекты

CWE-250