Lucene search
K

4 matches found

OSV
OSV
added 2026/04/21 12:1 p.m.5 views

BIT-AIRFLOW-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6AI score0.00822EPSS
Exploits0References4
OSV
OSV
added 2026/04/18 6:20 a.m.3 views

CVE-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6.2AI score0.00822EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/01/24 12:57 p.m.5 views

CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

6.9AI score0.0121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.3 views

PT-2024-1306 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to the deserialization mechanism in Apache Airflow, allowing a potential attacker to poison the XCom data by bypassing the protection of the enable xcom pickling=False...

10CVSS7.2AI score0.0121EPSS
Exploits0References18
Rows per page
Query Builder