CVE-2024-32077

MEDIUM

Apache Airflow <2.9.1 - Code Injection

Title source: llm

Description

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Scores

CVSS v3: 5.4
EPSS: 0.0451
EPSS Percentile: 88.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE: CWE-79
Status: published

Affected Products (7)

apache/airflow
apache/airflow
apache/airflow
apache/airflow
apache/airflow
apache/airflow
pypi/apache-airflow < 2.9.1 (PyPI)

Timeline

Published: May 14, 2024
Tracked Since: Feb 18, 2026