7 matches found
CVE-2022-40604
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...
abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +4 more potentially affected by CVE-2022-40604 via apache-airflow (>=2.3.2 <=2.4.0)
apache-airflow PYPI version =2.3.2, =0.1.0, =0.1.0, =0.10.0.1 Source cves: CVE-2022-40604 Source advisory: OSV:GHSA-5RP4-749P-VX26...
CVE-2022-40604
creationtimestamp| type| source ---|---|--- 2022-09-21 12:40:39+00:00| seen| https://t.me/cibsecurity/50178 2025-01-18 17:08:37+00:00| seen| https://bsky.app/profile/securitycipher.bsky.social/post/3lfzsdzfmqo2v...
Internet Bug Bounty: CVE-2022-40604: Apache Airflow: Format String Vulnerability
There is a format string vulnerability in Apache Airflow versions 2.3.0 through 2.3.4 in the src/airflow/utils/log/filetaskhandler.py file. The vulnerability was caused by unnecessary formatting of a URL, which could allow for information extraction...
abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +4 more potentially affected by CVE-2022-40604 via apache-airflow (>=2.3.2 <=2.4.0)
apache-airflow PYPI version =2.3.2, =0.1.0, =0.1.0, =0.10.0.1 Source cves: CVE-2022-40604 Source advisory: OSV:PYSEC-2022-279...
CVE-2022-40604
CVE-2022-40604 affects Apache Airflow 2.3.0–2.3.4. A component of a URL was unnecessarily formatted, enabling information disclosure from a formatted URL. Multiple sources (NVD, OSV entries, and third‑party advisories) corroborate a format-string/vulnerability in the URL handling path (notably in...
CVE-2022-40604 Format String Vulnerability
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...