Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/01 7:55 a.m.10 views

EUVD-2026-33597

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00625EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.11 views

PT-2026-45974

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a task id containing .. sequences accepted by the Task SDK's KEY REGEX write-path attack, a...

6.5CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/18 9:30 a.m.6 views

Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

7.5CVSS5.7AI score0.00449EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/06 12:0 a.m.5 views

PT-2024-31664 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.10.0 Description: The issue allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. This is related to the example DAG example inlet event extra.py shipped with Apache Airflow...

8.8CVSS7.2AI score0.01237EPSS
Exploits0References16
Rows per page
Query Builder