CVE-2021-38540
published 2021-09-09CVE-2021-38540: The variable import endpoint was not protected by authentication in Airflow >=2.0.0, =2.0.0, <2.1.3.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, =2.0.0, <2.1.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | >= 2.0.0 < 2.1.3 | 2.1.3 |
| apache_software_foundation | apache_airflow | >= Apache Airflow < 2.1.3 | 2.1.3 |