26 matches found
EUVD-2024-2763
Malicious code in bioql PyPI...
EUVD-2023-0011
Malicious code in bioql PyPI...
CVE-2024-6867
An information disclosure vulnerability exists in lunary-ai/lunary, specifically in the runs/runid/related endpoint. This endpoint does not verify that the user has the necessary access rights to the runs they are accessing. As a result, it returns not only the specified run but also all runs...
CVE-2023-22887
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
CVE-2023-22888
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVE-2022-40127
A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided runid parameter. This issue affects Apache Airflow versions prior to 2.4.0...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office (OA) system from Tongda (China). TONGDA Office Anywhere has a SQL injection vulnerability that originates from the RUNID parameter of the /pda/approvecenter/prcsinfo.php page...
CVE-2024-6867 Information Disclosure in lunary-ai/lunary
An information disclosure vulnerability exists in lunary-ai/lunary, specifically in the runs/runid/related endpoint. This endpoint does not verify that the user has the necessary access rights to the runs they are accessing. As a result, it returns not only the specified run but also all runs...
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...
Apache Airflow Input Validation Error Vulnerability (CNVD-2023-67074)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. An input validation error vulnerability exists in Apache Airflow versions prior to...
Apache Airflow Path Traversal Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. A path traversal vulnerability exists in Apache Airflow versions prior to 2.6.3,...
CVE-2023-22888
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVE-2023-22887
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
CVE-2023-22887
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
Code injection
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVE-2023-22888 Apache Airflow: Scheduler remote DoS
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVE-2023-22888 Apache Airflow: Scheduler remote DoS
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
Apache Airflow Path Traversal Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. A path traversal vulnerability exists in Apache Airflow versions prior to 2.6.3,...
Apache Airflow Input Validation Error Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. An input validation error vulnerability exists in Apache Airflow versions prior to...
Apache Airflow code injection vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalability and dynamic monitoring. Apache Airflow has a code injection vulnerability; the vulnerability stems from the user input structure during the...