CVE-2023-50783

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...

curl: Buffer over-read,, Missing NUL termination in addvariable() causes undefined behavior

Summary: In addvariable used by setvariable, the code allocates memory for p-name without space for a null-terminator and copies nlen bytes directly. Later, functions like varcontent call strlen on this name, assuming it is null-terminated. This can lead to out-of-bounds memory reads, causing...

EUVD-2019-3302

Malware in sbrugna...

EUVD-2021-28702

Malicious code in bioql PyPI...

CVE-2023-50783

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...

PYSEC-2023-267

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...

PT-2023-8380 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.0 Description: The issue is related to improper access control in Apache Airflow, allowing an authenticated user without the variable edit permission to update a variable. This compromises the integrity of...