Lucene search
ApacheCVE-2024-39863HistoryJul 17, 2024 - 8:15 a.m.
CVE-2024-39863
2024-07-1708:15:01
CWE-79
apache
web.nvd.nist.gov
27
apache airflow
authenticated
injection
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
27.3%
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
Affected configurations
Node
apacheairflowRange<2.9.3
CNA Affected
[
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
CGA-45cj-mqr9-6j37
2024-07-18 18:19:42
CVE-2024-39863
2024-07-17 08:15:01
BIT-airflow-2024-39863
2024-07-19 07:16:29
vulnrichment
vulnrichment
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
2024-07-17 07:53:31
wolfi
wolfi
CVE-2024-39863 vulnerabilities
2024-09-19 09:11:50
github
github
Apache Airflow Potential Cross-site Scripting Vulnerability
2024-07-17 09:30:48
nvd
nvd
CVE-2024-39863
2024-07-17 08:15:01
cvelist
cvelist
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
2024-07-17 07:53:31
veracode
veracode
Link Injection
2024-07-18 06:17:21
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
27.3%
Related for CVE-2024-39863