cbcvebase.
CVE-2022-40604
published 2022-09-21

CVE-2022-40604: In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

Affected

3 ranges
VendorProductVersion rangeFixed in
apacheairflow2.3.0 – 2.3.4
apache_software_foundationapache_airflow>= 2.3.0 < unspecifiedunspecified
apache_software_foundationapache_airflow>= unspecified < 2.4.02.4.0