You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@airflow.apache.org by Jedidiah Cunningham <je...@apache.org> on 2022/09/20 18:53:42 UTC

CVE-2022-40604: Apache Airflow: Format String Vulnerability

Description:

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

Credit:

The Apache Airflow PMC would like to thank L3yx of Syclover Security Team for reporting this issue.

References:

https://github.com/apache/airflow/pull/26337