CVE-2023-36543

MEDIUM

Apache Airflow <2.6.3 - DoS

Title source: llm

Description

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected

References (2)

[Patch] https://github.com/apache/airflow/pull/32060

[Mailing List, Patch, Vendor Advisory] https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4

Scores

CVSS v3 6.5

EPSS 0.0075

EPSS Percentile 73.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (2)

apache/airflow < 2.6.3

pypi/apache-airflow 0 - 2.6.3PyPI

Published Jul 12, 2023

Tracked Since Feb 18, 2026