Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/14 12:39 p.m.9 views

CVE-2023-50943

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS6.5AI score0.0121EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/01/24 3:30 p.m.5 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +142 more potentially affected by CVE-2023-50943 via apache-airflow (>=1.8.2 <=2.8.1)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2023-50943 Source advisory: OSV:GHSA-C3C6-F2WW-XFR2...

7.5CVSS7.1AI score0.0121EPSS
Exploits0
OSV
OSV
added 2024/01/24 12:57 p.m.21 views

CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS5.9AI score0.0121EPSS
Exploits0References6
CVE
CVE
added 2024/01/24 12:57 p.m.97 views

CVE-2023-50943

Apache Airflow before 2.8.1 is affected by a pickle-deserialization issue in XComs. By bypassing the enable_xcom_pickling=False protection, an attacker could poison XCom data during deserialization, with impact described as data integrity risk. The vulnerability affects Airflow versions prior to ...

7.5CVSS7.3AI score0.0121EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder