Internet Bug Bounty: Secrets can be unmasked in the "Rendered Template"

CVE-2023-40712: Apache Airflow versions before 2.7.1 allowed authenticated users to unmask secrets in the Rendered Template page by manipulating the executiondate parameter. Users should upgrade to version 2.7.1 or later...

neon date parsing vulnerability

Stefan Esser reports: A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon. The vulnerability is in the function nerfc1036parse, which is in turn used by the function nehttpdatepars...