apache-airflow@2.10.2rc1 vulnerabilities

Programmatically author, schedule and monitor data pipelines

latest version

2.10.3
latest non vulnerable version

2.10.3
first published

8 years ago
latest version published

16 days ago
licenses detected
- Apache-2.0
  [0,)
View apache-airflow package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the apache-airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Insertion of Sensitive Information into Log File apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of configuration variables belonging to other DAG author users. If these variables contain sensitive values, which is a fact out of the attacking user's control, they will be exposed. How to fix Insertion of Sensitive Information into Log File? Upgrade `apache-airflow` to version 2.10.3rc1 or higher.	[,2.10.3rc1)
M Uninitialized Memory Exposure apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Uninitialized Memory Exposure which allows authenticated users with audit log access to see sensitive unencrypted stored values set via the airflow CLI. Note: Users who are using the CLI to set secret variables are advised to manually delete entries with those variables from the log table. How to fix Uninitialized Memory Exposure? Upgrade `apache-airflow` to version 2.10.3 or higher.	[,2.10.3)

Insertion of Sensitive Information into Log File

apache-airflow is a platform to programmatically author, schedule, and monitor workflows.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of configuration variables belonging to other DAG author users. If these variables contain sensitive values, which is a fact out of the attacking user's control, they will be exposed.

How to fix Insertion of Sensitive Information into Log File?

Upgrade apache-airflow to version 2.10.3rc1 or higher.

[,2.10.3rc1)

Uninitialized Memory Exposure

apache-airflow is a platform to programmatically author, schedule, and monitor workflows.

Affected versions of this package are vulnerable to Uninitialized Memory Exposure which allows authenticated users with audit log access to see sensitive unencrypted stored values set via the airflow CLI.

Note: Users who are using the CLI to set secret variables are advised to manually delete entries with those variables from the log table.

How to fix Uninitialized Memory Exposure?

Upgrade apache-airflow to version 2.10.3 or higher.

[,2.10.3)

Go back to all versions of this package

apache-airflow@2.10.2rc1 vulnerabilities

Programmatically author, schedule and monitor data pipelines

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities