Airflow 2.9.0 Vulnerability: Malicious Log Injection Risk

CVE-2024-32077
Currently unrated

Key Information

Vendor
Apache
Status
Apache Airflow
Vendor
CVE Published: 14 May 2024

Summary

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Affected Version(s)

Apache Airflow < 2.9.1

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database
Mitre Database

Credit

Ming
Jens Scheffler