Airflow@* Security Vulnerabilities and Issues — Airflow@* CVE List

Lucene search

ApacheAirflow*

3 matches found

CVE•added 2021/05/02 8:15 a.m.•887 views

CVE-2021-28359

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions

6.1CVSS7.1AI score0.12525EPSS

CVE•added 2021/09/09 3:15 p.m.•92 views

CVE-2021-38540

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, =2.0.0,

9.8CVSS9.8AI score0.89913EPSS

CVE•added 2021/08/16 8:15 a.m.•65 views

CVE-2021-35936

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of D...

5.3CVSS5.7AI score0.00167EPSS