GHSA-52gm-qmg3-r4qp

Source
https://github.com/advisories/GHSA-52gm-qmg3-r4qp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-52gm-qmg3-r4qp/GHSA-52gm-qmg3-r4qp.json
Aliases
  • CVE-2024-32077
Published
2024-05-14T18:31:00Z
Modified
2024-05-19T02:24:45.558900Z
Summary
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.  Users are recommended to upgrade to version 2.9.1, which fixes this issue.

References

Affected packages

PyPI / apache-airflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.9.0
Fixed
2.9.1

Affected versions

2.*

2.9.0
2.9.1rc1
2.9.1rc2