Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

Open
GoVulnBot opened this issue May 14, 2024 · 0 comments
Open

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

GoVulnBot opened this issue May 14, 2024 · 0 comments
Labels
possibly not Go

Comments

@GoVulnBot
Copy link

CVE-2024-32077 references github.com/apache/airflow, which may be a Go module.

Description:
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. 
Users are recommended to upgrade to version 2.9.1, which fixes this issue.

References:

Cross references:

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/apache/airflow
      vulnerable_at: 1.8.2
      packages:
        - package: Apache Airflow
summary: CVE-2024-32077 in github.com/apache/airflow
cves:
    - CVE-2024-32077
references:
    - fix: https://github.com/apache/airflow/pull/38882
    - web: https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77
source:
    id: CVE-2024-32077
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
possibly not Go
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tatianab @GoVulnBot