5 matches found
ROOT-APP-PYPI-CVE-2023-37379 CVE-2023-37379 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2023-37379 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-37379 via apache-airflow (>=1.8.2 <=2.6.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-37379 Source advisory: OSV:GHSA-X2MH-8FMC-RQGH...
CVE-2023-37379
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-37379 via apache-airflow (>=1.8.2 <=2.6.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-37379 Source advisory: OSV:PYSEC-2023-152...
CVE-2023-37379
CVE-2023-37379 affects Apache Airflow versions prior to 2.7.0. An authenticated user with Connection edit privileges can access connection information and abuse the test connection feature by sending many requests, causing a DoS condition on the server and enabling potentially harmful connections...