CVE-2022-38054

Session Fixation in pypi/apache-airflow

Identifiers

CVE-2022-38054

Package Slug

pypi/apache-airflow

Vulnerability

Session Fixation

Description

In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation.

Affected Versions

All versions starting from 2.2.4 up to 2.3.3

Solution

Upgrade to version 2.3.4 or above.

Last Modified

2022-09-12

source