CVE-2024-45034

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45034
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45034.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45034
Aliases
Published
2024-09-07T08:15:11Z
Modified
2024-10-12T11:30:16.097052Z
Summary
[none]
Details

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

constraints-2-3

constraints-2.*

constraints-2.0.0rc1
constraints-2.0.0rc2
constraints-2.0.0rc3
constraints-2.0.1rc1
constraints-2.1.0rc1
constraints-2.10.0
constraints-2.10.0b1
constraints-2.10.0b2
constraints-2.10.0rc1
constraints-2.2.0b1
constraints-2.2.0b2
constraints-2.2.0rc1
constraints-2.3.0b1
constraints-2.3.0rc1
constraints-2.3.0rc2
constraints-2.4.0b1