Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache airflow vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41131
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an malicious user to execute arbtrary commands in the task execution context, without write access to DAG file...
Apache Airflow
Apache Apache-airflow-providers-apache-hive
NA
CVE-2022-45402
In Apache Airflow versions before 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
Apache Airflow
NA
CVE-2022-27949
A vulnerability in UI of Apache Airflow allows an malicious user to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow befo...
Apache Airflow
NA
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions before 2.4.0.
Apache Airflow
3 Github repositories
NA
CVE-2022-43982
In Apache Airflow versions before 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
Apache Airflow
NA
CVE-2022-43985
In Apache Airflow versions before 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
Apache Airflow
NA
CVE-2022-41672
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
Apache Airflow
NA
CVE-2022-40754
In Apache Airflow 2.3.0 up to and including 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
Apache Airflow
NA
CVE-2022-40604
In Apache Airflow 2.3.0 up to and including 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
Apache Airflow
NA
CVE-2022-38054
In Apache Airflow versions 2.2.4 up to and including 2.3.3, the `database` webserver session backend was susceptible to session fixation.
Apache Airflow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »