CVE-2023-50943
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
N/A
Description
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* | n/a | 2.8.1 | * |