apache-airflow-providers-cncf-kubernetes
PyPI · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting apache-airflow-providers-cncf-kubernetes
- CVE-2023-33234 · HIGH · CVSS 7.2 · EG 7.2 · ✓ Fixed in 7.0.0 · 2023-05-30
vulnerable: 5.0.0 ... 7.0.0rc2 (20 versions)
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection. In order to exploit this weakness, a user would already need elevated permiss…
- CVE-2023-51702 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 7.0.0 · 2024-01-24
vulnerable: 5.2.0 ... 7.0.0rc2 (13 versions)
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metad…