Lucene search
K
ApacheApache-airflow-providers-google

4 matches found

CVE
CVE
added 2023/02/24 11:48 a.m.126 views

CVE-2023-25692

The CVE-2023-25692 issue affects the Apache Airflow Google Provider up to version 8.10.0 (pre-8.10.0). The connected sources describe an Improper Input Validation vulnerability in this provider, with the impact noted as Denial of Service and, per a HackerOne report, potential for Remote Command E...

7.5CVSS7.4AI score0.01826EPSS
CVE
CVE
added 2023/02/24 11:35 a.m.72 views

CVE-2023-25691

CVE-2023-25691 affects Apache Airflow Google Provider versions before 8.10.0 due to Improper Input Validation in the Google Provider. The issue (root cause: input validation error) is assessed with a CRITICAL impact (CVSS 9.8) affecting confidentiality, integrity, and availability. Exploitation d...

9.8CVSS9.5AI score0.01583EPSS
CVE
CVE
added 2026/05/25 9:34 a.m.32 views

CVE-2026-45361

CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...

8.1CVSS5.8AI score0.0059EPSS
CVE
CVE
added 3 days ago15 views

CVE-2026-49297

Apache Airflow Google provider contains a path traversal flaw in GCSToSFTPOperator and GCSTimeSpanFileTransformOperator: GCS object names from bucket listings are joined to a destination path without normalisation or containment checks. A user with write access to a source GCS bucket could create...

8.1CVSS6.1AI score0.00602EPSS