GHSA-g283-w6fp-c4fc

Suggest an improvement
Source
https://github.com/advisories/GHSA-g283-w6fp-c4fc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-g283-w6fp-c4fc/GHSA-g283-w6fp-c4fc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g283-w6fp-c4fc
Aliases
Downstream
Published
2026-05-26T13:30:41Z
Modified
2026-06-30T17:15:18.297718220Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability
Details

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.

Database specific
{
    "github_reviewed_at": "2026-06-30T16:59:52Z",
    "cwe_ids": [
        "CWE-90"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2026-05-25T11:16:18Z",
    "github_reviewed": true
}
References

Affected packages

PyPI / apache-airflow-providers-fab

Package

Name
apache-airflow-providers-fab
View open source insights on deps.dev
Purl
pkg:pypi/apache-airflow-providers-fab

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.4

Affected versions

1.*
1.0.0rc1
1.0.0
1.0.1.dev0
1.0.1
1.0.2.dev0
1.0.2.dev1
1.0.2.dev2
1.0.2b0
1.0.2rc1
1.0.2
1.0.3rc1
1.0.3
1.0.4rc1
1.0.4
1.1.0rc1
1.1.0
1.1.1rc1
1.1.1
1.2.0rc1
1.2.0
1.2.1rc1
1.2.1
1.2.2rc1
1.2.2
1.3.0rc1
1.3.0
1.4.0rc1
1.4.0
1.4.1rc1
1.4.1
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1rc1
1.5.1
1.5.2rc1
1.5.2
1.5.3rc1
1.5.3
1.5.4rc1
1.5.4
2.*
2.0.0b1
2.0.0rc1
2.0.0rc2
2.0.0rc3
2.0.0rc4
2.0.0
2.0.1rc1
2.0.1
2.0.2rc1
2.0.2rc2
2.0.2
2.1.0rc1
2.1.0
2.2.0rc1
2.2.0
2.2.1rc1
2.2.1rc2
2.2.1
2.3.0rc1
2.3.0
2.3.1rc1
2.3.1
2.4.0rc1
2.4.0
2.4.1rc1
2.4.1
2.4.2rc1
2.4.2
2.4.3rc1
2.4.3
2.4.4rc1
2.4.4
3.*
3.0.0rc1
3.0.0rc2
3.0.0
3.0.1rc1
3.0.1
3.0.2rc1
3.0.2
3.0.3rc1
3.0.3
3.1.0rc1
3.1.0
3.1.1rc1
3.1.1
3.1.2rc1
3.1.2
3.2.0rc1
3.2.0
3.3.0rc1
3.3.0
3.4.0rc1
3.4.0
3.5.0rc1
3.5.0
3.6.0rc1
3.6.0
3.6.1rc1
3.6.1
3.6.2rc1
3.6.2
3.6.3rc1
3.6.3
3.6.4rc1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-g283-w6fp-c4fc/GHSA-g283-w6fp-c4fc.json"