Lucene search
FortiGuard LabsFG-IR-22-008HistoryJun 07, 2022 - 12:00 a.m.
Multiple vulnerabilities in Apache Airflow
2022-06-0700:00:00
FortiGuard Labs
www.fortiguard.com
111
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.957 High
EPSS
Percentile
99.1%
Security advisories were released affecting the version of Apache Airflow library used in some Fortinet products:
Related
github
github
Cross-site Scripting in Apache Airflow
2021-06-18 18:43:42
Apache Airflow Cross-site scripting due to incomplete fix for CVE-2020-13944
2021-04-20 16:40:14
Insecure default config of Celery worker in Apache Airflow
2020-07-27 16:57:33
prion
prion
Design/Logic Flaw
2021-05-02 08:15:00
Design/Logic Flaw
2020-12-11 14:15:00
Design/Logic Flaw
2020-07-17 00:15:00
osv
osv
Cross-site Scripting in Apache Airflow
2021-06-18 18:43:42
PYSEC-2021-4
2021-05-02 08:15:00
BIT-airflow-2021-28359
2024-03-06 10:59:26
cve
cve
veracode
veracode
Cross-Site Scripting (XSS)
2021-05-03 04:59:04
Cross-Site Scripting (XSS)
2020-12-14 03:45:11
Server-Side Request Forgery (SSRF)
2020-12-15 01:58:55
nessus
nessus
Apache Airflow < 1.10.11 Multiple Vulnerabilities
2022-06-13 00:00:00
SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2021:0768-1)
2021-03-12 00:00:00
Fedora 32 : mingw-python3 (2021-309bc2e727)
2021-03-15 00:00:00
cnvd
cnvd
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-09242)
2021-06-29 00:00:00
attackerkb
attackerkb
CVE-2020-13927
2020-11-10 00:00:00
nuclei
nuclei
Apache Airflow <1.10.14 - Authentication Bypass
2022-08-25 10:16:13
Airflow Experimental <1.10.11 - REST API Auth Bypass
2021-06-03 08:53:34
cisa_kev
cisa_kev
Apache Airflow's Experimental API Authentication Bypass
2022-01-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Airflow Authentication Bypass (CVE-2020-13927)
2022-02-09 00:00:00
Apache Airflow Command Injection (CVE-2020-11978; CVE-2020-13927)
2021-06-16 00:00:00
redhatcve
redhatcve
CVE-2021-23336
2021-02-15 20:05:02
fedora
fedora
[SECURITY] Fedora 33 Update: mingw-python3-3.9.2-1.fc33
2021-03-15 01:19:58
[SECURITY] Fedora 34 Update: python-django-3.1.7-1.fc34
2021-03-19 20:27:58
[SECURITY] Fedora 34 Update: mingw-python3-3.9.2-2.fc34
2021-03-19 20:28:38
alpinelinux
alpinelinux
CVE-2021-23336
2021-02-15 13:15:00
debiancve
debiancve
CVE-2021-23336
2021-02-15 13:15:00
mageia
mageia
Updated python and python3 packages fix security vulnerability
2021-04-02 13:16:21
Updated python-django package fixes a security vulnerability
2021-03-15 00:20:42
debian
debian
[SECURITY] [DLA 2569-1] python-django security update
2021-02-19 16:24:07
[SECURITY] [DLA 2628-1] python2.7 security update
2021-04-17 19:31:24
[SECURITY] [DLA 2619-1] python3.5 security update
2021-04-05 16:08:19
suse
suse
Security update for python (moderate)
2021-03-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-23336 affecting package python3 3.7.9-4
2021-07-08 21:56:42
CVE-2021-23336 affecting package python2 2.7.18-8
2022-04-09 06:51:57
CVE-2021-23336 affecting package python2 2.7.18-14
2021-04-06 23:50:12
photon
photon
Important Photon OS Security Update - PHSA-2021-0204
2021-03-05 00:00:00
Moderate Photon OS Security Update - PHSA-2021-3.0-0204
2021-03-05 00:00:00
ubuntucve
ubuntucve
CVE-2021-23336
2021-02-15 00:00:00
packetstorm
packetstorm
Apache Airflow 1.10.10 Remote Code Execution
2021-06-02 00:00:00
Apache Airflow 1.10.10 Remote Code Execution
2023-09-19 00:00:00
archlinux
archlinux
[ASA-202102-28] python-django: url request injection
2021-02-20 00:00:00
[ASA-202102-37] python: multiple issues
2021-02-27 00:00:00
ubuntu
ubuntu
Django vulnerability
2021-02-22 00:00:00
githubexploit
githubexploit
Exploit for Command Injection in Apache Airflow
2021-05-22 15:58:01
zdt
zdt
Apache Airflow 1.10.10 Remote Code Execution Exploit
2023-09-19 00:00:00
Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit
2021-06-02 00:00:00
metasploit
metasploit
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
2023-09-17 14:42:26
altlinux
altlinux
amazon
amazon
Medium: python36
2021-05-14 16:53:00
Medium: python35
2021-05-06 19:11:00
Medium: python3
2021-05-20 16:15:00
gentoo
gentoo
Python: Multiple vulnerabilities
2021-04-30 00:00:00
exploitdb
exploitdb
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
2021-06-02 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-09-22 18:04:42
almalinux
almalinux
Moderate: python3 security update
2021-05-18 05:42:46
redhat
redhat
(RHSA-2021:1633) Moderate: python3 security update
2021-05-18 05:42:46
oraclelinux
oraclelinux
python3 security update
2021-05-25 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.957 High
EPSS
Percentile
99.1%
Related for FG-IR-22-008