GHSA-hm9r-7f84-25c9

GitHub Security Advisory

Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could allow them to alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability.

Affected Packages

PyPI apache-airflow
Affected versions: 0 (fixed in 2.7.3)

Key Information

GHSA ID: GHSA-hm9r-7f84-25c9
Published: November 12, 2023 3:30 PM
Last Modified: February 13, 2025 7:21 PM
CVSS Score: 5.0/10
Primary Ecosystem: PyPI
Primary Package: apache-airflow
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.