Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zaDRtLW01NXYtZ3g0bc4AA0pL

High CVSS: 7.1 EPSS: 0.00773% (0.72601 Percentile) EPSS:
Permalink JSON

Apache Airflow Improper Input Validation vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:apache-airflow
PURL: pkg:pypi/apache-airflow
< 2.6.3 2.6.3
314 Dependent packages
1,554 Dependent repositories
13,489,651 Downloads last month

Affected Version Ranges

All affected versions

1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2

All unaffected versions

2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.11.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected

References:

Identifiers

GHSA-3h4m-m55v-gx4m

CVE-2023-36543

Risk

Severity

High

CVSS

CVSS Score: 7.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00773

EPSS Percentile: 0.72601

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/airflow

Date and time

Published

about 2 years ago

Updated

10 months ago

API

JSON