CVE-2024-32077

ADVISORY - github

Summary

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

EPSS Score⁠: 0.03397 (0.875)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

PypA

CREATED

2 years ago

UPDATED

9 hours ago

ADVISORY ID

PYSEC-2024-264

EXPLOITABILITY SCORE

2.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.4medium

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
apache-airflow	pypi	-	-	=3.2.1	Not yet available
apache-airflow	pypi	-	-	=1.10.0	Not yet available
apache-airflow	pypi	-	-	=1.10.1	Not yet available
apache-airflow	pypi	-	-	=1.10.10	Not yet available
apache-airflow	pypi	-	-	=1.10.10rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.10rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.10rc3	Not yet available
apache-airflow	pypi	-	-	=1.10.10rc4	Not yet available
apache-airflow	pypi	-	-	=1.10.10rc5	Not yet available
apache-airflow	pypi	-	-	=1.10.11	Not yet available
apache-airflow	pypi	-	-	=1.10.11rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.11rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.12	Not yet available
apache-airflow	pypi	-	-	=1.10.12rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.12rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.12rc3	Not yet available
apache-airflow	pypi	-	-	=1.10.12rc4	Not yet available
apache-airflow	pypi	-	-	=1.10.13	Not yet available
apache-airflow	pypi	-	-	=1.10.13rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.14	Not yet available
apache-airflow	pypi	-	-	=1.10.14rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.14rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.14rc3	Not yet available
apache-airflow	pypi	-	-	=1.10.14rc4	Not yet available
apache-airflow	pypi	-	-	=1.10.15	Not yet available
apache-airflow	pypi	-	-	=1.10.15rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.1b1	Not yet available
apache-airflow	pypi	-	-	=1.10.1rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.2	Not yet available
apache-airflow	pypi	-	-	=1.10.2b2	Not yet available
apache-airflow	pypi	-	-	=1.10.2rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.2rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.2rc3	Not yet available
apache-airflow	pypi	-	-	=1.10.3	Not yet available
apache-airflow	pypi	-	-	=1.10.3b1	Not yet available
apache-airflow	pypi	-	-	=1.10.3b2	Not yet available
apache-airflow	pypi	-	-	=1.10.3rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.3rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.4	Not yet available
apache-airflow	pypi	-	-	=1.10.4b2	Not yet available
apache-airflow	pypi	-	-	=1.10.4rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.4rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.4rc3	Not yet available
apache-airflow	pypi	-	-	=1.10.4rc4	Not yet available
apache-airflow	pypi	-	-	=1.10.4rc5	Not yet available
apache-airflow	pypi	-	-	=1.10.5	Not yet available
apache-airflow	pypi	-	-	=1.10.5rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.6	Not yet available
apache-airflow	pypi	-	-	=1.10.6rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.6rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.7	Not yet available
apache-airflow	pypi	-	-	=1.10.7rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.7rc2	Not yet available
apache-airflow	pypi	-	-	=1.10.7rc3	Not yet available
apache-airflow	pypi	-	-	=1.10.8	Not yet available
apache-airflow	pypi	-	-	=1.10.8rc1	Not yet available
apache-airflow	pypi	-	-	=1.10.9	Not yet available
apache-airflow	pypi	-	-	=1.10.9rc1	Not yet available
apache-airflow	pypi	-	-	=1.8.1	Not yet available
apache-airflow	pypi	-	-	=1.8.2	Not yet available
apache-airflow	pypi	-	-	=1.8.2rc1	Not yet available
apache-airflow	pypi	-	-	=1.9.0	Not yet available
apache-airflow	pypi	-	-	=2.0.0	Not yet available
apache-airflow	pypi	-	-	=2.0.0b1	Not yet available
apache-airflow	pypi	-	-	=2.0.0b2	Not yet available
apache-airflow	pypi	-	-	=2.0.0b3	Not yet available
apache-airflow	pypi	-	-	=2.0.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.0.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.0.0rc3	Not yet available
apache-airflow	pypi	-	-	=2.0.1	Not yet available
apache-airflow	pypi	-	-	=2.0.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.0.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.0.2	Not yet available
apache-airflow	pypi	-	-	=2.0.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.1.0	Not yet available
apache-airflow	pypi	-	-	=2.1.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.1.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.1.1	Not yet available
apache-airflow	pypi	-	-	=2.1.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.1.2	Not yet available
apache-airflow	pypi	-	-	=2.1.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.1.3	Not yet available
apache-airflow	pypi	-	-	=2.1.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.1.4	Not yet available
apache-airflow	pypi	-	-	=2.1.4rc1	Not yet available
apache-airflow	pypi	-	-	=2.1.4rc2	Not yet available
apache-airflow	pypi	-	-	=2.10.0	Not yet available
apache-airflow	pypi	-	-	=2.10.0b1	Not yet available
apache-airflow	pypi	-	-	=2.10.0b2	Not yet available
apache-airflow	pypi	-	-	=2.10.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.10.1	Not yet available
apache-airflow	pypi	-	-	=2.10.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.10.2	Not yet available
apache-airflow	pypi	-	-	=2.10.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.10.3	Not yet available
apache-airflow	pypi	-	-	=2.10.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.10.3rc2	Not yet available
apache-airflow	pypi	-	-	=2.10.4	Not yet available
apache-airflow	pypi	-	-	=2.10.4rc1	Not yet available
apache-airflow	pypi	-	-	=2.10.5	Not yet available
apache-airflow	pypi	-	-	=2.10.5rc1	Not yet available
apache-airflow	pypi	-	-	=2.11.0	Not yet available
apache-airflow	pypi	-	-	=2.11.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.11.1	Not yet available
apache-airflow	pypi	-	-	=2.11.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.11.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.11.2	Not yet available
apache-airflow	pypi	-	-	=2.11.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.0	Not yet available
apache-airflow	pypi	-	-	=2.2.0b1	Not yet available
apache-airflow	pypi	-	-	=2.2.0b2	Not yet available
apache-airflow	pypi	-	-	=2.2.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.1	Not yet available
apache-airflow	pypi	-	-	=2.2.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.2.2	Not yet available
apache-airflow	pypi	-	-	=2.2.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.2rc2	Not yet available
apache-airflow	pypi	-	-	=2.2.3	Not yet available
apache-airflow	pypi	-	-	=2.2.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.3rc2	Not yet available
apache-airflow	pypi	-	-	=2.2.4	Not yet available
apache-airflow	pypi	-	-	=2.2.4rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.5	Not yet available
apache-airflow	pypi	-	-	=2.2.5rc1	Not yet available
apache-airflow	pypi	-	-	=2.2.5rc2	Not yet available
apache-airflow	pypi	-	-	=2.2.5rc3	Not yet available
apache-airflow	pypi	-	-	=2.3.0	Not yet available
apache-airflow	pypi	-	-	=2.3.0b1	Not yet available
apache-airflow	pypi	-	-	=2.3.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.3.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.3.1	Not yet available
apache-airflow	pypi	-	-	=2.3.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.3.2	Not yet available
apache-airflow	pypi	-	-	=2.3.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.3.2rc2	Not yet available
apache-airflow	pypi	-	-	=2.3.3	Not yet available
apache-airflow	pypi	-	-	=2.3.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.3.3rc2	Not yet available
apache-airflow	pypi	-	-	=2.3.3rc3	Not yet available
apache-airflow	pypi	-	-	=2.3.4	Not yet available
apache-airflow	pypi	-	-	=2.3.4rc1	Not yet available
apache-airflow	pypi	-	-	=2.4.0	Not yet available
apache-airflow	pypi	-	-	=2.4.0b1	Not yet available
apache-airflow	pypi	-	-	=2.4.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.4.1	Not yet available
apache-airflow	pypi	-	-	=2.4.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.4.2	Not yet available
apache-airflow	pypi	-	-	=2.4.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.4.3	Not yet available
apache-airflow	pypi	-	-	=2.4.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.5.0	Not yet available
apache-airflow	pypi	-	-	=2.5.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.5.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.5.0rc3	Not yet available
apache-airflow	pypi	-	-	=2.5.1	Not yet available
apache-airflow	pypi	-	-	=2.5.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.5.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.5.2	Not yet available
apache-airflow	pypi	-	-	=2.5.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.5.2rc2	Not yet available
apache-airflow	pypi	-	-	=2.5.3	Not yet available
apache-airflow	pypi	-	-	=2.5.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.5.3rc2	Not yet available
apache-airflow	pypi	-	-	=2.6.0	Not yet available
apache-airflow	pypi	-	-	=2.6.0b1	Not yet available
apache-airflow	pypi	-	-	=2.6.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.6.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.6.0rc3	Not yet available
apache-airflow	pypi	-	-	=2.6.0rc4	Not yet available
apache-airflow	pypi	-	-	=2.6.0rc5	Not yet available
apache-airflow	pypi	-	-	=2.6.1	Not yet available
apache-airflow	pypi	-	-	=2.6.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.6.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.6.1rc3	Not yet available
apache-airflow	pypi	-	-	=2.6.2	Not yet available
apache-airflow	pypi	-	-	=2.6.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.6.2rc2	Not yet available
apache-airflow	pypi	-	-	=2.6.3	Not yet available
apache-airflow	pypi	-	-	=2.6.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.7.0	Not yet available
apache-airflow	pypi	-	-	=2.7.0b1	Not yet available
apache-airflow	pypi	-	-	=2.7.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.7.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.7.1	Not yet available
apache-airflow	pypi	-	-	=2.7.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.7.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.7.2	Not yet available
apache-airflow	pypi	-	-	=2.7.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.7.3	Not yet available
apache-airflow	pypi	-	-	=2.7.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.8.0	Not yet available
apache-airflow	pypi	-	-	=2.8.0b1	Not yet available
apache-airflow	pypi	-	-	=2.8.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.8.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.8.0rc3	Not yet available
apache-airflow	pypi	-	-	=2.8.0rc4	Not yet available
apache-airflow	pypi	-	-	=2.8.1	Not yet available
apache-airflow	pypi	-	-	=2.8.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.8.2	Not yet available
apache-airflow	pypi	-	-	=2.8.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.8.2rc2	Not yet available
apache-airflow	pypi	-	-	=2.8.2rc3	Not yet available
apache-airflow	pypi	-	-	=2.8.3	Not yet available
apache-airflow	pypi	-	-	=2.8.3rc1	Not yet available
apache-airflow	pypi	-	-	=2.8.4	Not yet available
apache-airflow	pypi	-	-	=2.8.4rc1	Not yet available
apache-airflow	pypi	-	-	=2.9.0	Not yet available
apache-airflow	pypi	-	-	=2.9.0b1	Not yet available
apache-airflow	pypi	-	-	=2.9.0b2	Not yet available
apache-airflow	pypi	-	-	=2.9.0rc1	Not yet available
apache-airflow	pypi	-	-	=2.9.0rc2	Not yet available
apache-airflow	pypi	-	-	=2.9.0rc3	Not yet available
apache-airflow	pypi	-	-	=2.9.1	Not yet available
apache-airflow	pypi	-	-	=2.9.1rc1	Not yet available
apache-airflow	pypi	-	-	=2.9.1rc2	Not yet available
apache-airflow	pypi	-	-	=2.9.2	Not yet available
apache-airflow	pypi	-	-	=2.9.2rc1	Not yet available
apache-airflow	pypi	-	-	=2.9.3	Not yet available
apache-airflow	pypi	-	-	=2.9.3rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.0	Not yet available
apache-airflow	pypi	-	-	=3.0.0b4	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc1.post1	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc1.post2	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc1.post3	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc1.post4	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc2	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc3	Not yet available
apache-airflow	pypi	-	-	=3.0.0rc4	Not yet available
apache-airflow	pypi	-	-	=3.0.1	Not yet available
apache-airflow	pypi	-	-	=3.0.1rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.2	Not yet available
apache-airflow	pypi	-	-	=3.0.2rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.2rc2	Not yet available
apache-airflow	pypi	-	-	=3.0.3	Not yet available
apache-airflow	pypi	-	-	=3.0.3rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.3rc2	Not yet available
apache-airflow	pypi	-	-	=3.0.3rc3	Not yet available
apache-airflow	pypi	-	-	=3.0.3rc4	Not yet available
apache-airflow	pypi	-	-	=3.0.3rc5	Not yet available
apache-airflow	pypi	-	-	=3.0.3rc6	Not yet available
apache-airflow	pypi	-	-	=3.0.4	Not yet available
apache-airflow	pypi	-	-	=3.0.4rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.4rc2	Not yet available
apache-airflow	pypi	-	-	=3.0.5	Not yet available
apache-airflow	pypi	-	-	=3.0.5rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.5rc2	Not yet available
apache-airflow	pypi	-	-	=3.0.5rc3	Not yet available
apache-airflow	pypi	-	-	=3.0.6	Not yet available
apache-airflow	pypi	-	-	=3.0.6rc1	Not yet available
apache-airflow	pypi	-	-	=3.0.6rc2	Not yet available
apache-airflow	pypi	-	-	=3.1.0	Not yet available
apache-airflow	pypi	-	-	=3.1.0b1	Not yet available
apache-airflow	pypi	-	-	=3.1.0b2	Not yet available
apache-airflow	pypi	-	-	=3.1.0rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.0rc2	Not yet available
apache-airflow	pypi	-	-	=3.1.1	Not yet available
apache-airflow	pypi	-	-	=3.1.1rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.1rc2	Not yet available
apache-airflow	pypi	-	-	=3.1.2	Not yet available
apache-airflow	pypi	-	-	=3.1.2rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.2rc2	Not yet available
apache-airflow	pypi	-	-	=3.1.3	Not yet available
apache-airflow	pypi	-	-	=3.1.3rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.4	Not yet available
apache-airflow	pypi	-	-	=3.1.4rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.4rc2	Not yet available
apache-airflow	pypi	-	-	=3.1.5	Not yet available
apache-airflow	pypi	-	-	=3.1.5rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.6	Not yet available
apache-airflow	pypi	-	-	=3.1.6rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.7	Not yet available
apache-airflow	pypi	-	-	=3.1.7rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.7rc2	Not yet available
apache-airflow	pypi	-	-	=3.1.8	Not yet available
apache-airflow	pypi	-	-	=3.1.8rc1	Not yet available
apache-airflow	pypi	-	-	=3.1.8rc2	Not yet available
apache-airflow	pypi	-	-	=3.2.0	Not yet available
apache-airflow	pypi	-	-	=3.2.0b1	Not yet available
apache-airflow	pypi	-	-	=3.2.0b2	Not yet available
apache-airflow	pypi	-	-	=3.2.0rc1	Not yet available
apache-airflow	pypi	-	-	=3.2.0rc2	Not yet available
apache-airflow	pypi	-	-	=3.2.1rc1	Not yet available
apache-airflow	pypi	-	-	=3.2.1rc2	Not yet available
apache-airflow	pypi	-	-	=3.2.1rc3	Not yet available

CVSS:3 Severity and metrics

The CVSS metrics represent different qualitative aspects of a vulnerability that impact the overall score, as defined by the CVSS Specification⁠.

The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN to an administrative network zone). One example of an Adjacent attack would be an ARP (IPv4) or neighbor discovery (IPv6) flood leading to a denial of service on the local LAN segment (e.g., CVE-2013-6014).

Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.

The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.

Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator.

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the impacted component.

Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component.

There is no impact to availability within the impacted component.

NIST

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2024-32077⁠

EXPLOITABILITY SCORE

2.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-79⁠

CVSS SCORE

5.4medium

GitHub

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-52gm-qmg3-r4qp⁠

EXPLOITABILITY SCORE

2.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-79⁠

CVSS SCORE

5.4medium

GitLab

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2024-32077

EXPLOITABILITY SCORE

2.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-79⁠CWE-937⁠

CVSS SCORE

5.4medium

Bitnami

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY ID

BIT-airflow-2024-32077

EXPLOITABILITY SCORE

2.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.4medium

CVE-2024-32077

Summary

Common Weakness Enumeration (CWE)

CWE-79⁠

CWE-79⁠

CWE-1035⁠

CWE-79⁠

CWE-937⁠

Advisories

PypA

CVSS SCORE

Attack Vector (AV)Network

Attack Complexity (AC)Low

Privileges Required (PR)Low

User Interaction (UI)Required

Scope (S)Changed

Confidentiality (C)Low

Integrity (I)Low

Availability (A)None

NIST

CVSS SCORE

GitHub

CVSS SCORE

GitLab

CVSS SCORE

Bitnami

CVSS SCORE