apache-airflow@2.9.0b2 vulnerabilities

Programmatically author, schedule and monitor data pipelines

Direct Vulnerabilities

Known vulnerabilities in the apache-airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure

apache-airflow is a platform to programmatically author, schedule, and monitor workflows.

Affected versions of this package are vulnerable to Information Exposure via the configuration UI page. When webserver.expose_config is set to non-sensitive-only, an attacker can see sensitive provider configuration. The celery provider is currently the only community provider that has sensitive configurations.

Note:

This is only exploitable if webserver.expose_config configuration is set to non-sensitive-only.

How to fix Information Exposure?

Upgrade apache-airflow to version 2.9.0 or higher.

Vulnerable versions: [2.7.0,2.9.0)