Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airflow vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-28707
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: prior to 2.3.2.
Apache Apache-airflow-providers-apache-drill
7.5
CVSSv3
CVE-2023-28710
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: prior to 4.0.1.
Apache Apache-airflow-providers-apache-spark
8.8
CVSSv3
CVE-2023-37415
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 prior to 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.2. It ...
Apache Apache-airflow-providers-apache-hive
9.8
CVSSv3
CVE-2023-35797
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this t...
Apache Apache-airflow-providers-apache-hive
9.8
CVSSv3
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: prior to 5.0.0.
Apache Apache-airflow-providers-apache-hive
5.3
CVSSv3
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in....
Flask-appbuilder Project Flask-appbuilder
Apache Airflow 1.10.0
NA
CVE-2024-28746
Apache Airflow, versions 2.8.0 up to and including 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are re...
NA
CVE-2024-27906
Apache Airflow, versions prior to 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to ...
NA
CVE-2024-29735
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 up to and including 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuratio...
NA
CVE-2024-29733
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »