4 matches found
Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-41018
The CVE-2026-41018 issue affects the Elasticsearch task-log handler in Apache Airflow providers for Elasticsearch. When the elasticsearch host URL includes embedded credentials (for example https://user:password@server:9200), the provider logs the full host URL, including the credentials, into ta...
PT-2026-39578
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-elasticsearch versions prior to 6.5.3 Description The Elasticsearch logging provider writes the full host URL into task logs when configured with a host URL that embeds credentials. This allows any user with task-log...
Inefficient Algorithmic Complexity
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the HTTPHeaders.add method. An attacker can cause the server's event loop to become...