CVE-2024-32077

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.  Users are recommended to upgrade to version 2.9.1, which fixes this issue.
CVSS

No CVSS.

Configurations

No configuration.

History

21 Nov 2024, 09:14

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/14/1 - () http://www.openwall.com/lists/oss-security/2024/05/14/1 -
References () https://github.com/apache/airflow/pull/38882 - () https://github.com/apache/airflow/pull/38882 -
References () https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77 - () https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77 -

10 Jun 2024, 18:15

Type Values Removed Values Added
Summary
  • (es) Apache Airflow versión 2.9.0 tiene una vulnerabilidad que permite a un atacante autenticado inyectar datos maliciosos en los registros de instancias de tareas. Se recomienda a los usuarios actualizar a la versión 2.9.1, que soluciona este problema.
References
  • () http://www.openwall.com/lists/oss-security/2024/05/14/1 -

14 May 2024, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-11-21 09:14


NVD link : CVE-2024-32077

Mitre link : CVE-2024-32077

CVE.ORG link : CVE-2024-32077


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')