ROOT-APP-PYPI-CVE-2023-25956 CVE-2023-25956 in rootio-apache-airflow-providers-amazon - Patched by Root

Root has patched CVE-2023-25956 in the rootio-apache-airflow-providers-amazon package for Root:PyPI. Multiple fixed versions available...

airflow-tools (>=0.9.0 <=0.11.0), dataflow-airflow (>=2.10.3 <=2.10.9) +2 more potentially affected by CVE-2026-42526 via apache-airflow-providers-amazon (>=9.0.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =9.0.0, =0.9.0, =2.10.3, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-42526 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSAMAZON-16770135...

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...