From: Ephraim Anierobi
To: oss-security@lists.openwall.com
Date: Tue, 14 May 2024 10:15:17 +0000
Subject: [oss-security] CVE-2024-32077: Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

Severity: moderate

Affected versions:

- Apache Airflow 2.9.0 before 2.9.1

Description:

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.
Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Credit:

Ming (finder)
Jens Scheffler (remediation developer)

References:

https://github.com/apache/airflow/pull/38882
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32077