25 matches found
CVE-2025-54550
Summary (CVE-2025-54550): The issue concerns the example_xcom in Airflow documentation that reads from XComs using an unsafe pattern. The root cause is a vulnerable read pattern that could allow a UI user with XCom modification access to cause arbitrary code execution on the worker. The document...
EUVD-2012-5847
Malware in sbrugna...
EUVD-2022-28907
Malicious code in bioql PyPI...
CVE-2022-23992
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...
CVE-2012-5973
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request...
CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
BIT-AIRFLOW-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
Internet Bug Bounty: Pickle deserialization vulnerability in XComs
CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs Severity: low Affected versions: - Apache Airflow before 2.8.1 Description: Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the...
Deserialization Of Untrusted Data
apache-airflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the deserialization of pickle stream when enable_xcom_pickling = False. An attacker can poison XCom data by bypassing the protection of enable_xcom_pickling = False. The vulnerability requires a DAG author...
CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
PYSEC-2024-13
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
Deserialization of untrusted data
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
PYSEC-2024-13
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
CVE-2023-50943
Apache Airflow before 2.8.1 is affected by a pickle-deserialization issue in XComs. By bypassing the enable_xcom_pickling=False protection, an attacker could poison XCom data during deserialization, with impact described as data integrity risk. The vulnerability affects Airflow versions prior to ...
PT-2024-1306 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to the deserialization mechanism in Apache Airflow, allowing a potential attacker to poison the XCom data by bypassing the protection of the enable_xcom_pickling=False...
Apache Airflow Code Issue Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow versions prior to 2.8.1,...
CVE-2022-23992
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...
CVE-2022-23992
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...
Input validation
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...
CVE-2022-23992
CVE-2022-23992 concerns XCOM Data Transport for Windows, Linux, and UNIX 11.6 with an input validation flaw that could allow remote execution of arbitrary commands with elevated privileges. The issue surface is due to insufficient input validation. Affected component: XCOM Data Transport 11.6; im...