Vulnerability-Lookup

CVE-2024-56373 (GCVE-0-2024-56373)

Vulnerability from cvelistv5 – Published: 2026-02-24 10:06 – Updated: 2026-02-26 14:44

Title

Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

Summary

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.

Severity

8.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

apache

References

3 references

URL	Tags
https://github.com/apache/airflow/pull/61880	patch
https://lists.apache.org/thread/2vrmrhcht6g7cp5yj…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/02/23/3

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Airflow	Affected: 0 , < 2.11.1 (semver)

Credits

Seokchan Yoon.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-24T10:18:40.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/23/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T04:55:43.628431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:09.219Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "apache-airflow",
          "product": "Apache Airflow",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.11.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Seokchan Yoon."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\u003c/p\u003eThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change."
            }
          ],
          "value": "DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\n\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "medium"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T10:06:41.162Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/airflow/pull/61880"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-56373",
    "datePublished": "2026-02-24T10:06:41.162Z",
    "dateReserved": "2024-12-22T12:06:12.879Z",
    "dateUpdated": "2026-02-26T14:44:09.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-56373",
      "date": "2026-06-29",
      "epss": "0.01134",
      "percentile": "0.62465"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56373\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-02-24T10:16:02.717\",\"lastModified\":\"2026-06-17T08:12:07.880\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\\n\\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.\"},{\"lang\":\"es\",\"value\":\"El Autor de DAG (quien ya tiene bastantes permisos) podr\u00eda manipular la base de datos de Airflow 2 de manera que pueda ejecutar c\u00f3digo arbitrario en el contexto del servidor web, lo cual normalmente no deber\u00edan poder hacer, lo que lleva a una potencial ejecuci\u00f3n remota de c\u00f3digo en el contexto del servidor web (lado del servidor) como resultado de que un usuario vea informaci\u00f3n hist\u00f3rica de tareas.\\n\\nLa funcionalidad responsable de ello (historial de plantillas de registro) ha sido deshabilitada por defecto en 2.11.1 y los usuarios deber\u00edan actualizar a Airflow 3 si quieren seguir usando el historial de plantillas de registro. Tambi\u00e9n pueden modificar manualmente los nombres de los archivos de registro hist\u00f3ricos si quieren ver los registros hist\u00f3ricos que fueron generados antes del \u00faltimo cambio de plantilla de registro.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Airflow\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pypi.python.org\",\"packageName\":\"apache-airflow\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2.11.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.7,\"impactScore\":6.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-02-25T04:55:43.628431Z\",\"id\":\"CVE-2024-56373\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.1\",\"matchCriteriaId\":\"CE505571-C239-4772-828B-050B2A942D7E\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/airflow/pull/61880\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/02/23/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/02/23/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-02-24T10:18:40.546Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-56373\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-25T04:55:43.628431Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-24T15:09:58.582Z\"}}], \"cna\": {\"title\": \"Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Seokchan Yoon.\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"medium\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Airflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.11.1\", \"versionType\": \"semver\"}], \"packageName\": \"apache-airflow\", \"collectionURL\": \"https://pypi.python.org\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/61880\", \"tags\": [\"patch\"]}, {\"url\": \"https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\\n\\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\u003c/p\u003eThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-02-24T10:06:41.162Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-56373\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T14:44:09.219Z\", \"dateReserved\": \"2024-12-22T12:06:12.879Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-02-24T10:06:41.162Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

bit-airflow-2024-56373

Vulnerability from bitnami_vulndb

Published

2026-02-26 08:39

Modified

2026-02-26 09:13

Summary

Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

Details

The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "airflow",
        "purl": "pkg:bitnami/airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-56373"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\n\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.",
  "id": "BIT-airflow-2024-56373",
  "modified": "2026-02-26T09:13:58.886Z",
  "published": "2026-02-26T08:39:15.266Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/23/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/61880"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56373"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information"
}

CERTFR-2026-AVI-0500

Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	N/A	Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0
	VMware	N/A	Tanzu Data Lake versions antérieures à 4.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 37405	2026-04-24	vendor-advisory
Bulletin de sécurité VMware 37404	2026-04-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2026-2229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
    },
    {
      "name": "CVE-2018-19362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
    },
    {
      "name": "CVE-2026-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
    },
    {
      "name": "CVE-2026-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
    },
    {
      "name": "CVE-2026-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2021-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
    },
    {
      "name": "CVE-2026-22036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2026-24098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2026-24734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
    },
    {
      "name": "CVE-2021-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
    },
    {
      "name": "CVE-2025-66614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2025-56200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2026-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2026-41239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2023-34610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2026-34486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
    },
    {
      "name": "CVE-2026-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
    },
    {
      "name": "CVE-2018-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2026-29145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-49128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2020-10650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2026-23745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2026-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2023-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
    },
    {
      "name": "CVE-2025-54550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
    },
    {
      "name": "CVE-2025-54920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2025-33042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2026-34500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
    },
    {
      "name": "CVE-2025-9624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
    },
    {
      "name": "CVE-2026-34043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2025-64718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2025-62718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
    },
    {
      "name": "CVE-2026-4800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
    },
    {
      "name": "CVE-2026-33671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
    },
    {
      "name": "CVE-2026-33532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
    },
    {
      "name": "CVE-2025-68470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
    },
    {
      "name": "CVE-2025-67721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2026-33750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
    },
    {
      "name": "CVE-2025-66236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2024-48910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
    },
    {
      "name": "CVE-2026-34480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2026-33228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
    },
    {
      "name": "CVE-2025-12758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2024-57083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2024-23953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
    },
    {
      "name": "CVE-2026-29074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2026-41240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
    },
    {
      "name": "CVE-2026-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2024-53382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
    },
    {
      "name": "CVE-2018-12022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2026-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2025-27821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
    },
    {
      "name": "CVE-2022-41404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2026-22732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2026-34487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
    },
    {
      "name": "CVE-2025-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
    },
    {
      "name": "CVE-2025-65995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2026-24842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2026-23950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2026-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2026-32280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2025-69873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2025-68458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2026-29786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2026-25854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
    },
    {
      "name": "CVE-2021-22573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2026-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2026-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2026-33672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-42503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
    },
    {
      "name": "CVE-2024-56373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
    },
    {
      "name": "CVE-2026-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2026-22735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2026-24733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2025-68157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2026-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2025-68675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2026-34483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2026-32141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
    },
    {
      "name": "CVE-2025-59419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2026-33816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2026-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2026-31802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
    },
    {
      "name": "CVE-2025-13465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2026-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2026-04-27T00:00:00",
  "last_revision_date": "2026-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0500",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
    },
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
    }
  ]
}

FKIE_CVE-2024-56373

Vulnerability from fkie_nvd - Published: 2026-02-24 10:16 - Updated: 2026-06-17 08:12

Severity

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	https://github.com/apache/airflow/pull/61880	Issue Tracking
security@apache.org	https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/02/23/3	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	apache	airflow	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "apache-airflow",
          "product": "Apache Airflow",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.11.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "security@apache.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE505571-C239-4772-828B-050B2A942D7E",
              "versionEndExcluding": "2.11.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\n\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change."
    },
    {
      "lang": "es",
      "value": "El Autor de DAG (quien ya tiene bastantes permisos) podr\u00eda manipular la base de datos de Airflow 2 de manera que pueda ejecutar c\u00f3digo arbitrario en el contexto del servidor web, lo cual normalmente no deber\u00edan poder hacer, lo que lleva a una potencial ejecuci\u00f3n remota de c\u00f3digo en el contexto del servidor web (lado del servidor) como resultado de que un usuario vea informaci\u00f3n hist\u00f3rica de tareas.\n\nLa funcionalidad responsable de ello (historial de plantillas de registro) ha sido deshabilitada por defecto en 2.11.1 y los usuarios deber\u00edan actualizar a Airflow 3 si quieren seguir usando el historial de plantillas de registro. Tambi\u00e9n pueden modificar manualmente los nombres de los archivos de registro hist\u00f3ricos si quieren ver los registros hist\u00f3ricos que fueron generados antes del \u00faltimo cambio de plantilla de registro."
    }
  ],
  "id": "CVE-2024-56373",
  "lastModified": "2026-06-17T08:12:07.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-56373",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-02-25T04:55:43.628431Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-02-24T10:16:02.717",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/apache/airflow/pull/61880"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2026/02/23/3"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GHSA-R837-HPV7-PC2F

Vulnerability from github – Published: 2026-02-24 12:31 – Updated: 2026-02-25 19:20

Summary

Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table

Details

Severity

8.4 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-56373"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T19:20:56Z",
    "nvd_published_at": "2026-02-24T10:16:02Z",
    "severity": "HIGH"
  },
  "details": "DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\n\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.",
  "id": "GHSA-r837-hpv7-pc2f",
  "modified": "2026-02-25T19:20:56Z",
  "published": "2026-02-24T12:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56373"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/61880"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/23/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table"
}

WID-SEC-W-2026-0493

Vulnerability from csaf_certbund - Published: 2026-02-23 23:00 - Updated: 2026-02-24 23:00

Summary

Apache Airflow: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Airflow ist eine Plattform zur programmatischen Erstellung, Planung und Überwachung von Workflows.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Airflow ausnutzen, um beliebigen Programmcode auszuführen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2024-56373

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apache Airflow <2.11.1 Apache / Airflow		<2.11.1

CVE-2025-27555

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apache Airflow <2.11.1 Apache / Airflow		<2.11.1

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://seclists.org/oss-sec/2026/q1/197	external
https://seclists.org/oss-sec/2026/q1/198	external
https://lists.apache.org/thread/nxovkp319jo8vg498…	external
https://lists.apache.org/thread/nq7223ok22v18zjgc…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Airflow ist eine Plattform zur programmatischen Erstellung, Planung und \u00dcberwachung von Workflows.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Airflow ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0493 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0493.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0493 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0493"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2026-02-23",
        "url": "https://seclists.org/oss-sec/2026/q1/197"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2026-02-23",
        "url": "https://seclists.org/oss-sec/2026/q1/198"
      },
      {
        "category": "external",
        "summary": "Apache Mailing List vom 2026-02-23",
        "url": "https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw"
      },
      {
        "category": "external",
        "summary": "Apache Mailing List vom 2026-02-23",
        "url": "https://lists.apache.org/thread/nq7223ok22v18zjgctc72t9ggt4xy234"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Airflow: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-24T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-25T08:07:22.825+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0493",
      "initial_release_date": "2026-02-23T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-23T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-24T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-207547, EUVD-2024-55432"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.11.1",
                "product": {
                  "name": "Apache Airflow \u003c2.11.1",
                  "product_id": "T051124"
                }
              },
              {
                "category": "product_version",
                "name": "2.11.1",
                "product": {
                  "name": "Apache Airflow 2.11.1",
                  "product_id": "T051124-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:airflow:2.11.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Airflow"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56373",
      "product_status": {
        "known_affected": [
          "T051124"
        ]
      },
      "release_date": "2026-02-23T23:00:00.000+00:00",
      "title": "CVE-2024-56373"
    },
    {
      "cve": "CVE-2025-27555",
      "product_status": {
        "known_affected": [
          "T051124"
        ]
      },
      "release_date": "2026-02-23T23:00:00.000+00:00",
      "title": "CVE-2025-27555"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-56373 (GCVE-0-2024-56373)

bit-airflow-2024-56373

Vulnerability from bitnami_vulndb

CERTFR-2026-AVI-0500

Solutions

FKIE_CVE-2024-56373

GHSA-R837-HPV7-PC2F

WID-SEC-W-2026-0493

Tags

Sightings

Nomenclature