GHSA-f9fq-78ch-4wmj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f9fq-78ch-4wmj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-f9fq-78ch-4wmj/GHSA-f9fq-78ch-4wmj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f9fq-78ch-4wmj
- Aliases
- Published
- 2022-11-02T19:00:32Z
- Modified
- 2024-09-11T21:23:05.912820Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Apache Airflow Open Redirect vulnerability
- Details
-
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's
/confirmendpoint. - Database specific
{ "nvd_published_at": "2022-11-02T12:15:00Z", "cwe_ids": [ "CWE-601" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-03T18:12:26Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-43985
- https://github.com/apache/airflow/pull/27143
- https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97
- https://github.com/apache/airflow
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml
- https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
Affected packages
PyPI / apache-airflow
Package
- Name
- apache-airflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/apache-airflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.2rc1
Affected versions
1.*
1.8.1
1.8.2rc1
1.8.2
1.9.0
1.10.0
1.10.1b1
1.10.1rc2
1.10.1
1.10.2b2
1.10.2rc1
1.10.2rc2
1.10.2rc3
1.10.2
1.10.3b1
1.10.3b2
1.10.3rc1
1.10.3rc2
1.10.3
1.10.4b2
1.10.4rc1
1.10.4rc2
1.10.4rc3
1.10.4rc4
1.10.4rc5
1.10.4
1.10.5rc1
1.10.5
1.10.6rc1
1.10.6rc2
1.10.6
1.10.7rc1
1.10.7rc2
1.10.7rc3
1.10.7
1.10.8rc1
1.10.8
1.10.9rc1
1.10.9
1.10.10rc1
1.10.10rc2
1.10.10rc3
1.10.10rc4
1.10.10rc5
1.10.10
1.10.11rc1
1.10.11rc2
1.10.11
1.10.12rc1
1.10.12rc2
1.10.12rc3
1.10.12rc4
1.10.12
1.10.13rc1
1.10.13
1.10.14rc1
1.10.14rc2
1.10.14rc3
1.10.14rc4
1.10.14
1.10.15rc1
1.10.15
2.*
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0rc1
2.0.0rc2
2.0.0rc3
2.0.0
2.0.1rc1
2.0.1rc2
2.0.1
2.0.2rc1
2.0.2
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.1.2rc1
2.1.2
2.1.3rc1
2.1.3
2.1.4rc1
2.1.4rc2
2.1.4
2.2.0b1
2.2.0b2
2.2.0rc1
2.2.0
2.2.1rc1
2.2.1rc2
2.2.1
2.2.2rc1
2.2.2rc2
2.2.2
2.2.3rc1
2.2.3rc2
2.2.3
2.2.4rc1
2.2.4
2.2.5rc1
2.2.5rc2
2.2.5rc3
2.2.5
2.3.0b1
2.3.0rc1
2.3.0rc2
2.3.0
2.3.1rc1
2.3.1
2.3.2rc1
2.3.2rc2
2.3.2
2.3.3rc1
2.3.3rc2
2.3.3rc3
2.3.3
2.3.4rc1
2.3.4
2.4.0b1
2.4.0rc1
2.4.0
2.4.1rc1
2.4.1