Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/11 9:30 a.m.13 views

Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/05/11 8:21 a.m.30 views

CVE-2026-41018

The CVE-2026-41018 issue affects the Elasticsearch task-log handler in Apache Airflow providers for Elasticsearch. When the elasticsearch host URL includes embedded credentials (for example https://user:password@server:9200), the provider logs the full host URL, including the credentials, into ta...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39578

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-elasticsearch versions prior to 6.5.3 Description The Elasticsearch logging provider writes the full host URL into task logs when configured with a host URL that embeds credentials. This allows any user with task-log...

7.5CVSS6.6AI score0.00786EPSS
Exploits1References162
Snyk
Snyk
added 2025/12/12 6:50 a.m.3 views

Inefficient Algorithmic Complexity

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the HTTPHeaders.add method. An attacker can cause the server's event loop to become...

8.7CVSS6.8AI score0.00396EPSS
Exploits0References2
Rows per page
Query Builder