Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airflow vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-39441
Apache Airflow SMTP Provider prior to 1.3.0, Apache Airflow IMAP Provider prior to 3.3.0, and Apache Airflow prior to 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificat...
Apache Airflow
Apache Apache-airflow-providers-smtp
Apache Apache-airflow-providers-imap
NA
CVE-2023-46215
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed...
Apache Airflow Celery Provider
Apache Airflow
NA
CVE-2023-51702
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally,...
Apache Airflow Cncf Kubernetes
Apache Airflow
NA
CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: prior to 2.5.1; Apache Airflow MyS...
Apache Airflow
Apache Apache-airflow-providers-mysql
2 Github repositories
NA
CVE-2022-40954
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an malicious user to read arbtrary files in the task execution context, without write access to DAG files. Th...
Apache Airflow
Apache Apache-airflow-providers-apache-spark
NA
CVE-2022-41131
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an malicious user to execute arbtrary commands in the task execution context, without write access to DAG file...
Apache Airflow
Apache Apache-airflow-providers-apache-hive
NA
CVE-2022-38649
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an malicious user to control commands executed in the task execution context, without write access to DAG fil...
Apache Airflow
Apache Apache-airflow-providers-apache-pinot
NA
CVE-2022-40189
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an malicious user to control commands executed in the task execution context, without write access to DAG files...
Apache Airflow
Apache Apache-airflow-providers-apache-pig
NA
CVE-2023-35798
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connec...
Apache Apache-airflow-providers-odbc
Apache Apache-airflow-providers-microsoft-mssql
6.5
CVSSv2
CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability exists in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (d...
Apache Airflow
1 Metasploit module
4 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »