Homepage

apache-airflow-providers-edge3@1.6.0 vulnerabilities

Provider package apache-airflow-providers-edge3 for Apache Airflow

  • latest version

    3.0.2

  • latest non vulnerable version

    3.1.0rc1

  • first published

    10 months ago

  • latest version published

    15 days ago

  • licenses detected

  • View apache-airflow-providers-edge3 package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the apache-airflow-providers-edge3 package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Incorrect Resource Transfer Between Spheres

    apache-airflow-providers-edge3 is a Provider package apache-airflow-providers-edge3 for Apache Airflow

    Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via the Edge3 Worker RPC. An attacker can execute arbitrary code in the web-server context by leveraging access to the non-public API exposed when the provider is installed and configured. This is only exploitable if the Edge3 provider is installed and configured on Airflow 2.

    How to fix Incorrect Resource Transfer Between Spheres?

    Upgrade apache-airflow-providers-edge3 to version 2.0.0rc1 or higher.

    [,2.0.0rc1)
    Go back to all versions of this package