CVE-2023-36543

CWE-1333CWE-20Improper Input Validation5 documents4 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 26.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache AirflowApache Airflow
Timeline
PublishedJul 12

Description

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDapache/airflow< 2.6.3
PyPIapache-airflow< 2.6.3

Patches

Patch: github.comPatch: lists.apache.orgPatch: github.com

🔴Vulnerability Details

4
GHSA
Apache Airflow Improper Input Validation vulnerability2023-07-12
CVEList
Apache Airflow: ReDoS via dags function2023-07-12
OSV
Apache Airflow Improper Input Validation vulnerability2023-07-12
OSV
CVE-2023-36543: Apache Airflow, versions before 22023-07-12
CVE-2023-36543 (MEDIUM CVSS 6.5) | Apache Airflow | cvebase.io