Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/01 10:29 a.m.13 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances that evaluates authorization against the dagid resolved from the URL path while operating on...

8.7CVSS5.5AI score0.00458EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

7.5CVSS5.4AI score0.00458EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/06 9:59 p.m.10 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNVD
CNVD
added 2026/03/19 12:0 a.m.2 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

6.5CVSS5.9AI score0.00406EPSS
Exploits0References1
Rows per page
Query Builder