CVE-2021-45230
published 2022-01-20CVE-2021-45230: In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | 1.10.0 – 1.10.15 | — |
| apache | airflow | >= 2.0.0 < 2.2.0 | 2.2.0 |
| apache_software_foundation | apache_airflow | — | — |
| apache_software_foundation | apache_airflow | >= Apache Airflow 2 < 2.2.0 | 2.2.0 |