Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/01 9:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the handling of rendered template fields when the length exceeds the configured maximum, causing nested sensitive keys within JSON structures to be stringified before redaction and...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 9:16 a.m.12 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the str.lstrip function used for validating JWT tokens against Dag IDs. An attacker can gain unauthorized access to other Dags' log data by crafting JWT tokens that exploit character overlap in Dag names. Note...

3.1CVSS5.8AI score0.00344EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/01 8:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the /api/v2/connections/connectionid REST API endpoint. An attacker can access sensitive credential information stored in the extra JSON blob by making authenticated requests with...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/17 12:48 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the DagVersion listing API when the dagid parameter is set to "". An attacker can obtain unauthorized metadata about DAGs by sending a request with a wildcard value, bypassing...

6.5CVSS5.8AI score0.00406EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/09 12:30 p.m.6 views

Incorrect Use of Privileged APIs

Overview Affected versions of this package are vulnerable to Incorrect Use of Privileged APIs via insufficient permission checks in the getlog function. An authenticated user without log-viewing permissions can still access task execution logs containing sensitive operational data, debugging...

7.1CVSS5.8AI score0.00382EPSS
Exploits0References2
Rows per page
Query Builder