CVE-2021-35936: Missing Authorization
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on by default. This logging server had no authentication and allowed reading log files of DAG jobs. This issue affects Apache Airflow
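A configuration check for the condition described above, as an added example that is not part of the advisory or of Apache Airflow's own code. It assumes Airflow 2.x key names (`[core] executor`, `[logging] remote_logging`, `worker_log_server_port` under `[logging]` or `[celery]`), Airflow's `AIRFLOW__SECTION__KEY` environment overrides, and the documented default port 8793; the function names and the sample config are constructed for illustration.

```python
import configparser

# Component that runs the log server for each executor, per the advisory text.
LOG_SERVER_COMPONENT = {"CeleryExecutor": "worker", "LocalExecutor": "scheduler"}

# Constructed sample airflow.cfg fragment (not taken from a real deployment).
SAMPLE_CFG = """
[core]
executor = CeleryExecutor
[logging]
remote_logging = False
[celery]
worker_log_server_port = 8793
"""

def _get(cfg, env, section, key, default):
    """Resolve a setting the way Airflow does: env var first, then airflow.cfg."""
    env_name = f"AIRFLOW__{section.upper()}__{key.upper()}"
    if env_name in env:
        return env[env_name]
    return cfg.get(section, key, fallback=default)

def audit_log_server(cfg_text, env=None):
    """Return a finding dict if this config starts the local log server, else None."""
    env = env or {}
    # airflow.cfg may contain literal '%' characters, so disable interpolation.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)

    remote = _get(cfg, env, "logging", "remote_logging", "False")
    if remote.strip().lower() in ("true", "t", "1", "yes", "y"):
        return None  # remote logging in use: advisory condition not met

    executor = _get(cfg, env, "core", "executor", "SequentialExecutor").strip()
    component = LOG_SERVER_COMPONENT.get(executor)
    if component is None:
        return None  # executor not named in the advisory

    # Assumption: the port key lives under [logging] or [celery] depending on release.
    port = (_get(cfg, env, "logging", "worker_log_server_port", None)
            or _get(cfg, env, "celery", "worker_log_server_port", "8793"))
    return {"component": component, "executor": executor, "port": int(port)}

if __name__ == "__main__":
    print(audit_log_server(SAMPLE_CFG))
```

A non-`None` result names the component and port whose network reachability should be reviewed on that host.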