115 matches found
CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
BIT-AIRFLOW-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
Internet Bug Bounty: Pickle deserialization vulnerability in XComs
CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs Severity: low Affected versions: - Apache Airflow before 2.8.1 Description: Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the...
Deserialization Of Untrusted Data
apache-airflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the deserialization of pickle stream when enablexcompickling = False. An attacker can poison XCom data by bypassing the protection of enablexcompickling = False. The vulnerability requires a DAG author...
CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
Deserialization of untrusted data
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
PYSEC-2024-13
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
PYSEC-2024-13
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
CVE-2023-50943 Apache Airflow: Potential pickle deserialization vulnerability in XComs
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
CVE-2023-50943
Apache Airflow before 2.8.1 is affected by a pickle-deserialization issue in XComs. By bypassing the enable_xcom_pickling=False protection, an attacker could poison XCom data during deserialization, with impact described as data integrity risk. The vulnerability affects Airflow versions prior to ...
Apache Airflow 代码问题漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow versions prior to 2.8.1,...
PT-2024-1306 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to the deserialization mechanism in Apache Airflow, allowing a potential attacker to poison the XCom data by bypassing the protection of the enable xcom pickling=False...
GHSA-2RX4-9F5H-9GJF Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...
Arbitrary Code Execution
Apache Airflow CNCF Kubernetes is vulnerable to Arbitrary Code Execution. The vulnerability exists because the xcom sidecar image and resources are not properly restricted which allows an attacker to inject arbitrary codes to change the connection object and perform unauthorized actions...
CVE-2023-33234
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...
PT-2023-4070
Name of the Vulnerable Software and Affected Versions Apache Airflow CNCF Kubernetes provider version 5.0.0 Description The issue is related to a weakness in the procedure for neutralizing special elements in output, which can allow an attacker to execute arbitrary code. This can be exploited by ...
SUSE CVE-2006-3879
Integer overflow in the loadChunk function in loaders/loadgt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER GT2 module file with a large 0xffffffff comment length value in an XCOM chunk...
CVE-2022-23992
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...
CVE-2022-23992
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...