Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airflow vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39441
Apache Airflow SMTP Provider prior to 1.3.0, Apache Airflow IMAP Provider prior to 3.3.0, and Apache Airflow prior to 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificat...
Apache Airflow
Apache Apache-airflow-providers-smtp
Apache Apache-airflow-providers-imap
NA
CVE-2023-51702
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally,...
Apache Airflow Cncf Kubernetes
Apache Airflow
NA
CVE-2023-46215
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed...
Apache Airflow Celery Provider
Apache Airflow
NA
CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: prior to 2.5.1; Apache Airflow MyS...
Apache Airflow
Apache Apache-airflow-providers-mysql
2 Github repositories
NA
CVE-2022-40954
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an malicious user to read arbtrary files in the task execution context, without write access to DAG files. Th...
Apache Airflow
Apache Apache-airflow-providers-apache-spark
NA
CVE-2022-40189
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an malicious user to control commands executed in the task execution context, without write access to DAG files...
Apache Airflow
Apache Apache-airflow-providers-apache-pig
NA
CVE-2022-41131
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an malicious user to execute arbtrary commands in the task execution context, without write access to DAG file...
Apache Airflow
Apache Apache-airflow-providers-apache-hive
NA
CVE-2022-38649
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an malicious user to control commands executed in the task execution context, without write access to DAG fil...
Apache Airflow
Apache Apache-airflow-providers-apache-pinot
NA
CVE-2023-35798
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connec...
Apache Apache-airflow-providers-odbc
Apache Apache-airflow-providers-microsoft-mssql
NA
CVE-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by d...
Apache Airflow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »