Apache Airflow Providers Cncf Kubernetes
Monthly
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.