Airflow 2.9.0 Vulnerability: Malicious Log Injection Risk
CVE-2024-32077
Currently unrated 🤨
Summary
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.
Affected Version(s)
Apache Airflow < 2.9.1
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Ming
Jens Scheffler