Lucene search
+L

6 matches found

vulnersOsv
vulnersOsv
added 2024/07/17 9:30 a.m.6 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +29 more potentially affected by CVE-2024-39877 via apache-airflow (>=2.4.0 <=2.9.1)

apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.2.1, =0.9.0, =0.3.1, =0.0.4, =0.0.1a0, =1.0.0rc1, =1.0.0rc1, =1.0.0, =2.5.1rc1 - armada-airflow =0.5.4 - askquinta =0.1.1 and more Source cves: CVE-2024-39877 Source advisory: OSV:GHSA-G5HV-R743-V8PM...

8.8CVSS5.8AI score0.01726EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/17 8:15 a.m.4 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +29 more potentially affected by CVE-2024-39877 via apache-airflow (>=2.4.0 <=2.9.1)

apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.2.1, =0.9.0, =0.3.1, =0.0.4, =0.0.1a0, =1.0.0rc1, =1.0.0rc1, =1.0.0, =2.5.1rc1 - armada-airflow =0.5.4 - askquinta =0.1.1 and more Source cves: CVE-2024-39877 Source advisory: OSV:PYSEC-2024-190...

8.8CVSS5.8AI score0.01726EPSS
Exploits0
Chainguard
Chainguard
added 2024/07/17 8:15 a.m.20 views

CVE-2024-39877 vulnerabilities

Vulnerabilities for packages: airflow...

8.8CVSS8.8AI score0.01726EPSS
Exploits0
Wolfi
Wolfi
added 2024/07/17 8:15 a.m.33 views

CVE-2024-39877 vulnerabilities

Vulnerabilities for packages: airflow...

8.8CVSS6.8AI score0.01726EPSS
Exploits0
Cvelist
Cvelist
added 2024/07/17 7:54 a.m.43 views

CVE-2024-39877 Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

0.01726EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/17 7:54 a.m.41 views

CVE-2024-39877 Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

7.4AI score0.01726EPSS
Exploits0References2
Rows per page
Query Builder