GHSA-52gm-qmg3-r4qp
Vulnerability from github
Published: 2024-05-14 18:31
Modified: 2024-06-10 20:18
Severity: MODERATE
Summary: Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.9.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:47:02Z",
    "nvd_published_at": "2024-05-14T16:17:01Z",
    "severity": "MODERATE"
  },
  "details": "Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.\u00a0\nUsers are recommended to upgrade to version 2.9.1, which fixes this issue.\n",
  "id": "GHSA-52gm-qmg3-r4qp",
  "modified": "2024-06-10T20:18:52Z",
  "published": "2024-05-14T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32077"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/38882"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/commit/87acf61f574daf47ce9e03a986e352a2c727f4ce"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/14/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow: XSS vulnerability in Task Instance Log/Log Details"
}

