Описание
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.
Ссылки
- Mailing ListThird Party Advisory
- Issue TrackingPatch
- Mailing ListVendor Advisory
- Mailing ListThird Party Advisory
- Issue TrackingPatch
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:airflow:2.9.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:2.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:2.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:airflow:2.9.0:rc3:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03417
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
больше 1 года назад
Apache Airflow version 2.9.0 has a vulnerability that allows an authen ...
CVSS3: 5.4
github
больше 1 года назад
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
EPSS
Процентиль: 87%
0.03417
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79