CVE-2023-36543

CVE-2023-36543: Apache Airflow: ReDoS via dags function

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-1333

Published July 12, 2023

Last update October 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected

Key dates

Disclosure timeline

July 12, 2023 CVE published

October 4, 2024 Record updated