CVE-2022-40604

CVE-2022-40604: Format String Vulnerability

Vendor Apache Software Foundation
Product Apache Airflow
Weakness CWE-134
Published September 21, 2022
Last update May 27, 2025

CVSS base score

What the vulnerability does

01Description

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

Key dates

02Disclosure timeline

September 21, 2022 CVE published
May 27, 2025 Record updated