GHSA-9xpj-62mm-24h2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9xpj-62mm-24h2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-9xpj-62mm-24h2/GHSA-9xpj-62mm-24h2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9xpj-62mm-24h2
- Aliases
- Related
- Published
- 2024-06-14T09:31:17Z
- Modified
- 2025-01-21T18:28:58.515117Z
- Summary
- Apache Airflow does not return the "Cache-Control" header for dynamic content
- Details
-
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue.
- Database specific
{ "github_reviewed": true, "severity": "LOW", "nvd_published_at": "2024-06-14T09:15:09Z", "github_reviewed_at": "2024-06-17T21:24:09Z", "cwe_ids": [ "CWE-525" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-25142
- https://github.com/apache/airflow/pull/39550
- https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3
- https://github.com/apache/airflow
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml
- https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr
- http://www.openwall.com/lists/oss-security/2024/06/13/1
Affected packages
PyPI / apache-airflow
Package
- Name
- apache-airflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/apache-airflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.9.2
Affected versions
1.*
1.8.1
1.8.2rc1
1.8.2
1.9.0
1.10.0
1.10.1b1
1.10.1rc2
1.10.1
1.10.2b2
1.10.2rc1
1.10.2rc2
1.10.2rc3
1.10.2
1.10.3b1
1.10.3b2
1.10.3rc1
1.10.3rc2
1.10.3
1.10.4b2
1.10.4rc1
1.10.4rc2
1.10.4rc3
1.10.4rc4
1.10.4rc5
1.10.4
1.10.5rc1
1.10.5
1.10.6rc1
1.10.6rc2
1.10.6
1.10.7rc1
1.10.7rc2
1.10.7rc3
1.10.7
1.10.8rc1
1.10.8
1.10.9rc1
1.10.9
1.10.10rc1
1.10.10rc2
1.10.10rc3
1.10.10rc4
1.10.10rc5
1.10.10
1.10.11rc1
1.10.11rc2
1.10.11
1.10.12rc1
1.10.12rc2
1.10.12rc3
1.10.12rc4
1.10.12
1.10.13rc1
1.10.13
1.10.14rc1
1.10.14rc2
1.10.14rc3
1.10.14rc4
1.10.14
1.10.15rc1
1.10.15
2.*
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0rc1
2.0.0rc2
2.0.0rc3
2.0.0
2.0.1rc1
2.0.1rc2
2.0.1
2.0.2rc1
2.0.2
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.1.2rc1
2.1.2
2.1.3rc1
2.1.3
2.1.4rc1
2.1.4rc2
2.1.4
2.2.0b1
2.2.0b2
2.2.0rc1
2.2.0
2.2.1rc1
2.2.1rc2
2.2.1
2.2.2rc1
2.2.2rc2
2.2.2
2.2.3rc1
2.2.3rc2
2.2.3
2.2.4rc1
2.2.4
2.2.5rc1
2.2.5rc2
2.2.5rc3
2.2.5
2.3.0b1
2.3.0rc1
2.3.0rc2
2.3.0
2.3.1rc1
2.3.1
2.3.2rc1
2.3.2rc2
2.3.2
2.3.3rc1
2.3.3rc2
2.3.3rc3
2.3.3
2.3.4rc1
2.3.4
2.4.0b1
2.4.0rc1
2.4.0
2.4.1rc1
2.4.1
2.4.2rc1
2.4.2
2.4.3rc1
2.4.3
2.5.0rc1
2.5.0rc2
2.5.0rc3
2.5.0
2.5.1rc1
2.5.1rc2
2.5.1
2.5.2rc1
2.5.2rc2
2.5.2
2.5.3rc1
2.5.3rc2
2.5.3
2.6.0b1
2.6.0rc1
2.6.0rc2
2.6.0rc3
2.6.0rc4
2.6.0rc5
2.6.0
2.6.1rc1
2.6.1rc2
2.6.1rc3
2.6.1
2.6.2rc1
2.6.2rc2
2.6.2
2.6.3rc1
2.6.3
2.7.0b1
2.7.0rc1
2.7.0rc2
2.7.0
2.7.1rc1
2.7.1rc2
2.7.1
2.7.2rc1
2.7.2
2.7.3rc1
2.7.3
2.8.0b1
2.8.0rc1
2.8.0rc2
2.8.0rc3
2.8.0rc4
2.8.0
2.8.1rc1
2.8.1
2.8.2rc1
2.8.2rc2
2.8.2rc3
2.8.2
2.8.3rc1
2.8.3
2.8.4rc1
2.8.4
2.9.0b1
2.9.0b2
2.9.0rc1
2.9.0rc2
2.9.0rc3
2.9.0
2.9.1rc1
2.9.1rc2
2.9.1
2.9.2rc1