6 matches found
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +29 more potentially affected by CVE-2024-39877 via apache-airflow (>=2.4.0 <=2.9.1)
apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.2.1, =0.9.0, =0.3.1, =0.0.4, =0.0.1a0, =1.0.0rc1, =1.0.0rc1, =1.0.0, =2.5.1rc1 - armada-airflow =0.5.4 - askquinta =0.1.1 and more Source cves: CVE-2024-39877 Source advisory: OSV:GHSA-G5HV-R743-V8PM...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +29 more potentially affected by CVE-2024-39877 via apache-airflow (>=2.4.0 <=2.9.1)
apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.2.1, =0.9.0, =0.3.1, =0.0.4, =0.0.1a0, =1.0.0rc1, =1.0.0rc1, =1.0.0, =2.5.1rc1 - armada-airflow =0.5.4 - askquinta =0.1.1 and more Source cves: CVE-2024-39877 Source advisory: OSV:PYSEC-2024-190...
CVE-2024-39877 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-39877 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-39877 Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...
CVE-2024-39877 Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...