CVE-2021-26697: Improper Authentication
(updated )
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow
References
Detect and mitigate CVE-2021-26697 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →