CVE-2024-32077

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

CVSS

No CVSS.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/05/14/1
https://github.com/apache/airflow/pull/38882
https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77

Configurations

No configuration.

History

10 Jun 2024, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/05/14/1 -
Summary		(es) Apache Airflow versión 2.9.0 tiene una vulnerabilidad que permite a un atacante autenticado inyectar datos maliciosos en los registros de instancias de tareas. Se recomienda a los usuarios actualizar a la versión 2.9.1, que soluciona este problema.

14 May 2024, 16:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-06-10 18:15

NVD link : CVE-2024-32077

Mitre link : CVE-2024-32077

CVE.ORG link : CVE-2024-32077

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON object

Attach tags to CVE-2024-32077

Attach tags to `CVE-2024-32077`