Lucene search
K

115 matches found

RedhatCVE
RedhatCVE
added 2025/02/14 12:39 p.m.9 views

CVE-2023-50943

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS6.5AI score0.0121EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:50 a.m.19 views

BIT-AIRFLOW-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS7.2AI score0.0121EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/01/25 2:29 p.m.33 views

Internet Bug Bounty: Pickle deserialization vulnerability in XComs

CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs Severity: low Affected versions: - Apache Airflow before 2.8.1 Description: Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the...

7.5CVSS6.6AI score0.0121EPSS
Exploits0
Veracode
Veracode
added 2024/01/25 6:9 a.m.29 views

Deserialization Of Untrusted Data

apache-airflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the deserialization of pickle stream when enablexcompickling = False. An attacker can poison XCom data by bypassing the protection of enablexcompickling = False. The vulnerability requires a DAG author...

7.5CVSS6.8AI score0.0121EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/01/24 1:15 p.m.18 views

CVE-2023-50943

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS7.4AI score0.0121EPSS
Exploits0References3
Prion
Prion
added 2024/01/24 1:15 p.m.21 views

Deserialization of untrusted data

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

5CVSS6.8AI score0.0121EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2024/01/24 1:15 p.m.5 views

PYSEC-2024-13

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS6.8AI score0.0121EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/24 1:15 p.m.5 views

PYSEC-2024-13

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS5.9AI score0.0121EPSS
Exploits0References3
OSV
OSV
added 2024/01/24 12:57 p.m.19 views

CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

7.5CVSS5.9AI score0.0121EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/01/24 12:57 p.m.5 views

CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

6.9AI score0.0121EPSS
Exploits0References3
CVE
CVE
added 2024/01/24 12:57 p.m.90 views

CVE-2023-50943

Apache Airflow before 2.8.1 is affected by a pickle-deserialization issue in XComs. By bypassing the enable_xcom_pickling=False protection, an attacker could poison XCom data during deserialization, with impact described as data integrity risk. The vulnerability affects Airflow versions prior to ...

7.5CVSS7.3AI score0.0121EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/01/24 12:0 a.m.4 views

Apache Airflow 代码问题漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow versions prior to 2.8.1,...

7.5CVSS8.1AI score0.0121EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.3 views

PT-2024-1306 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to the deserialization mechanism in Apache Airflow, allowing a potential attacker to poison the XCom data by bypassing the protection of the enable xcom pickling=False...

10CVSS7.2AI score0.0121EPSS
Exploits0References18
OSV
OSV
added 2023/07/06 9:15 p.m.18 views

GHSA-2RX4-9F5H-9GJF Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

7.2CVSS7.1AI score0.01531EPSS
Exploits0References3
Veracode
Veracode
added 2023/06/01 1:1 p.m.17 views

Arbitrary Code Execution

Apache Airflow CNCF Kubernetes is vulnerable to Arbitrary Code Execution. The vulnerability exists because the xcom sidecar image and resources are not properly restricted which allows an attacker to inject arbitrary codes to change the connection object and perform unauthorized actions...

7.2CVSS7AI score0.01531EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/30 11:15 a.m.3 views

CVE-2023-33234

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

7.2CVSS7.4AI score0.01531EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/26 12:0 a.m.7 views

PT-2023-4070

Name of the Vulnerable Software and Affected Versions Apache Airflow CNCF Kubernetes provider version 5.0.0 Description The issue is related to a weakness in the procedure for neutralizing special elements in output, which can allow an attacker to execute arbitrary code. This can be exploited by ...

9CVSS7.2AI score0.01531EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.4 views

SUSE CVE-2006-3879

Integer overflow in the loadChunk function in loaders/loadgt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER GT2 module file with a large 0xffffffff comment length value in an XCOM chunk...

5CVSS7.1AI score0.09292EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/02/14 10:15 p.m.1 views

CVE-2022-23992

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...

10CVSS6AI score0.02376EPSS
Exploits0References2
NVD
NVD
added 2022/02/14 10:15 p.m.25 views

CVE-2022-23992

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...

10CVSS0.02376EPSS
Exploits0References1
Rows per page
Query Builder