Vulnerabilities > Apache > Airflow > 2.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-12 | CVE-2023-22888 | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. | 6.5 |
2023-07-12 | CVE-2023-35908 | Incorrect Authorization vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected | 6.5 |
2023-07-12 | CVE-2023-36543 | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected | 6.5 |
2023-03-15 | CVE-2023-25695 | Information Exposure Through an Error Message vulnerability in Apache Airflow Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. | 5.3 |
2023-01-21 | CVE-2023-22884 | Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | 9.8 |