4 matches found
CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +142 more potentially affected by CVE-2023-50943 via apache-airflow (>=1.8.2 <=2.8.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2023-50943 Source advisory: OSV:GHSA-C3C6-F2WW-XFR2...
CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
CVE-2023-50943
Apache Airflow before 2.8.1 is affected by a pickle-deserialization issue in XComs. By bypassing the enable_xcom_pickling=False protection, an attacker could poison XCom data during deserialization, with impact described as data integrity risk. The vulnerability affects Airflow versions prior to ...