x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

GoVulnBot · 2024-05-14T12:01:44Z

CVE-2024-32077 references github.com/apache/airflow, which may be a Go module.

Description:
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.
Users are recommended to upgrade to version 2.9.1, which fixes this issue.

References:

Cross references:

Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-50943 #2473 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-50944 #2474 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-51702 #2475 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-27906 #2586 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-26280 #2596 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-28746 #2680 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-29735 #2681 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/apache/airflow
      vulnerable_at: 1.8.2
      packages:
        - package: Apache Airflow
summary: CVE-2024-32077 in github.com/apache/airflow
cves:
    - CVE-2024-32077
references:
    - fix: https://github.com/apache/airflow/pull/38882
    - web: https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77
source:
    id: CVE-2024-32077

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-05T18:39:47Z

Change https://go.dev/cl/590855 mentions this issue: data/excluded: add 20 excluded reports

tatianab added the possibly not Go label May 14, 2024

tatianab added excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. and removed possibly not Go labels Jun 5, 2024

gopherbot closed this as completed in f538f38 Jun 5, 2024

GoVulnBot mentioned this issue Jun 14, 2024

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-25142 #2925

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

GoVulnBot commented May 14, 2024

gopherbot commented Jun 5, 2024

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835

Comments

GoVulnBot commented May 14, 2024

gopherbot commented Jun 5, 2024