cvelist | Apache | CVELIST:CVE-2024-32077
History: May 14, 2024 - 10:43 a.m.

CVE-2024-32077 Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

2024-05-14 10:43:20
CWE-79
apache
www.cve.org
apache airflow
xss vulnerability
task instance log
log details
cve-2024-32077
upgrade
version 2.9.1

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.6%)

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. 
Users are recommended to upgrade to version 2.9.1, which fixes this issue.

CNA Affected

[
  {
    "collectionURL": "https://pypi.python.org",
    "defaultStatus": "unaffected",
    "packageName": "apache-airflow",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.9.1",
        "status": "affected",
        "version": "2.9.0",
        "versionType": "semver"
      }
    ]
  }
]
