Safety vulnerability ID: 73188
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled.
Latest version: 2.10.4
Programmatically author, schedule and monitor data pipelines
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application