17 matches found
BIT-AIRFLOW-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
PYSEC-2026-172
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
PYSEC-2026-172
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
CVE-2026-42360
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.2.2, there were security...
DALIBO PostgreSQL Anonymizer 安全漏洞
DALIBO PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information PII or commercially sensitive data in PostgreSQL databases from France DALIBO. A security vulnerability exists in DALIBO PostgreSQL Anonymizer version v2.0 and v2.1, which stems from a...
Insecure Variable Substitution
github.com/go-vela/cli is vulnerable to Insecure Variable Substitution. The vulnerability arises due to the unexpected behavior of variable substitution combined with insensitive fields like parameters, image, and entrypoint. This allows for bypassing log masking and exposing secrets without usin...
Insecure Variable Substitution in Vela
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
PT-2024-22351 · Vela · Vela
Name of the Vulnerable Software and Affected Versions: Vela versions prior to 0.23.2 Description: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image, and entrypoint to inject secrets into a plugin/image and bypass log masking, exposing secrets...
CVE-2022-22353
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480...
CVE-2021-38971
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620...
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 安全漏洞
IBM Data Virtualization on Cloud Pak for Data is a cloud-native solution from IBM USA. It allows you to work with data quickly and efficiently. An information disclosure vulnerability exists in IBM Data Virtualization on Cloud Pak for Data, which can be exploited by attackers to bypass data maski...
IBM Big SQL 缓冲区错误漏洞
IBM Big SQL is an enterprise-class, ANSI-compliant, hybrid SQL -on-Hadoop engine from IBM USA that provides massively parallel processing MPP and advanced data querying. A buffer error vulnerability exists in IBM Big SQL that allows an authenticated user with appropriate privileges to obtain...
IBM Cloud Pak for Data 安全漏洞
IBM Big SQL is an enterprise-class, ANSI-compliant hybrid SQL-on-Hadoop engine from IBM that provides massively parallel processing MPP and advanced data querying.IBM Big SQL contains a security vulnerability that could be exploited to allow an authenticated user with appropriate privileges to...
CVE-2022-22353
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480...