x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-39863 #2985

GoVulnBot · 2024-07-17T09:01:14Z

Advisory CVE-2024-39863 references a vulnerability in the following Go modules:

Module
github.com/apache/airflow

Description:
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.

References:

Cross references:

Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-50943 #2473 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-50944 #2474 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-51702 #2475 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-25141 #2570 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-27906 #2586 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-26280 #2596 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-28746 #2680 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-29735 #2681 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-31869 #2733 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-29733 #2742 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-46288 #2805 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-32077 #2835 NOT_GO_CODE
Module github.com/apache/airflow appears in issue x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-25142 #2925 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/apache/airflow
      vulnerable_at: 1.8.2
summary: CVE-2024-39863 in github.com/apache/airflow
cves:
    - CVE-2024-39863
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39863
    - fix: https://github.com/apache/airflow/pull/40475
    - web: https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3
source:
    id: CVE-2024-39863
    created: 2024-07-17T09:01:12.966813127Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-07-18T20:30:34Z

Change https://go.dev/cl/599457 mentions this issue: data/excluded,data/reports: add 6 reports

tatianab added possibly not Go triaged excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. and removed possibly not Go labels Jul 17, 2024

tatianab self-assigned this Jul 18, 2024

gopherbot closed this as completed in c9ed1ff Jul 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-39863 #2985

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-39863 #2985

GoVulnBot commented Jul 17, 2024

gopherbot commented Jul 18, 2024

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-39863 #2985

x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-39863 #2985

Comments

GoVulnBot commented Jul 17, 2024

gopherbot commented Jul 18, 2024