Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-9XPJ-62MM-24H2
HistoryJun 14, 2024 - 9:31 a.m.

Apache Airflow does not return the "Cache-Control" header for dynamic content

2024-06-1409:31:17
CWE-525
GitHub Advisory Database
github.com
8
apache airflow
web browser cache
sensitive information

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.

Airflow did not return “Cache-Control” header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.

This issue affects Apache Airflow: before 2.9.2.

Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Affected configurations

Vulners
Node
apacheairflowRange<2.9.2
VendorProductVersionCPE
apacheairflow*cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Related

osv 4
nvd 1
vulnrichment 1
cve 1
veracode 1
cvelist 1
wolfi 1
osv
osv
CVE-2024-25142
2024-06-14 09:15:09
CGA-33w6-99cx-72gx
2024-06-19 07:34:05
BIT-airflow-2024-25142
2024-06-18 07:17:29
nvd
nvd
CVE-2024-25142
2024-06-14 09:15:09
vulnrichment
vulnrichment
CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
2024-06-14 08:25:35
cve
cve
CVE-2024-25142
2024-06-14 09:15:09
veracode
veracode
Sensitive Information Disclosure
2024-06-17 04:21:59
cvelist
cvelist
CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
2024-06-14 08:25:35
wolfi
wolfi
CVE-2024-25142 vulnerabilities
2024-09-27 21:56:47

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for GHSA-9XPJ-62MM-24H2
osv4nvd1vulnrichment1cve1veracode1cvelist1wolfi1