QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-45034

Back to search

CVE-2024-45034

Published: Sep 7, 2024

Modified: Sep 9, 2024

PUBLISHED

Description

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.

VendorProductVersions

Apache Software Foundation

Apache Airflow

affected
0 - < 2.10.1

Weaknesses (CWE)

CWE-250

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now