PYSEC-2024-264

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2024-264.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2024-264

Aliases

Published

2024-05-14T16:17:01.970Z

Modified

2026-05-21T15:00:18.145915890Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

References

Affected packages

PyPI / apache-airflow

Package

Name: apache-airflow; View open source insights on deps.dev
Purl: pkg:pypi/apache-airflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.9.0-NA

Last affected

2.9.0-beta1

Last affected

2.9.0-beta2

Last affected

2.9.0-rc1

Last affected

2.9.0-rc2

Last affected

2.9.0-rc3

Affected versions

2.*

2.9.0b1

2.9.0b2

2.9.0rc1

2.9.0rc2

2.9.0rc3

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2024-264.yaml"