CVE-2026-49297
- EPSS 1.06%
- Veröffentlicht 06.07.2026 09:54:07
- Zuletzt bearbeitet 08.07.2026 14:53:39
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A u...
CVE-2026-45361
- EPSS 0.59%
- Veröffentlicht 25.05.2026 09:34:01
- Zuletzt bearbeitet 01.06.2026 17:17:10
Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users...
CVE-2023-25691
- EPSS 1.58%
- Veröffentlicht 24.02.2023 12:15:30
- Zuletzt bearbeitet 11.03.2025 21:15:39
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.
CVE-2023-25692
- EPSS 1.83%
- Veröffentlicht 24.02.2023 12:15:30
- Zuletzt bearbeitet 11.03.2025 21:15:40
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.