Safety vulnerability ID: 71685
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Apache Airflow affected versions have a vulnerability related to improper preservation of permissions. The local file task handler incorrectly sets write permissions for all parent folders of the log folder, potentially adding write access to the Unix group. This is particularly problematic if Airflow is run as the root user, potentially impacting SSH operations if log files are stored in the home directory. This issue does not affect users of Official Airflow Docker images. Affected users should upgrade to version 2.8.4 or above, change the file task handler permissions, or ensure their umask is set to 002.
Latest version: 2.10.4
Programmatically author, schedule and monitor data pipelines
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application