PyPi: Apache-Airflow

CVE-2024-27906

Safety vulnerability ID: 68475

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 29, 2024 Updated at Dec 16, 2024

Scan your Python projects for vulnerabilities →

Advisory

** DISPUTED ** Apache Airflow is affected by a vulnerability impacting versions before 2.8.2, where authenticated users can access DAG code and import errors for DAGs without required permissions via the API and UI. To mitigate this risk, upgrading to version 2.8.2 or newer is recommended.

Affected package

apache-airflow

Latest version: 2.10.4

Programmatically author, schedule and monitor data pipelines

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/apache/airflow/pull/37290
https://github.com/apache/airflow/pull/37468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27906
https://github.com/advisories/GHSA-6v6w-h8m6-7mv2

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application