Lucene search
HistoryMay 14, 2024 - 4:17 p.m.
CVE-2024-32077
apache airflow
vulnerability
authenticated attacker
malicious data
task instance logs
upgrade
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.
Users are recommended to upgrade to version 2.9.1, which fixes this issue.
Affected configurations
Node
apacheairflowRange≤2.9.1
CNA Affected
[
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.9.1",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-32077
2024-05-14 16:17:01
veracode
veracode
Cross-Site Scripting (XSS)
2024-05-17 08:58:34
osv
osv
BIT-airflow-2024-32077
2024-05-24 07:15:55
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
2024-05-14 18:31:00
cvelist
cvelist
github
github
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
2024-05-14 18:31:00