CVE-2022-40604
Use of Externally-Controlled Format String in pypi/apache-airflow
Identifiers
CVE-2022-40604
Package Slug
pypi/apache-airflow
Vulnerability
Use of Externally-Controlled Format String
Description
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
Affected Versions
All versions starting from 2.3.0 up to 2.3.4
Solution
Upgrade to version 2.4.0 or above.
Last Modified
2022-09-23
| source |