CVE-2024-32077

CVE-2024-32077: Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-79 · XSS

Published May 14, 2024

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Key dates

Disclosure timeline

May 14, 2024 CVE published

March 27, 2025 Record updated