Replies: 3 comments
-
|
Please use the security policy to report CVEs and any security related issues: https://github.com/apache/airflow?tab=security-ov-file#readme |
Beta Was this translation helpful? Give feedback.
-
|
The CVE is public. Do you really want everyone that runs a scan on Airflow to contact the security email address to ask this question? |
Beta Was this translation helpful? Give feedback.
-
Our policy states that we do not accept reports of automated scans. If you believe Airflow is affected by any security issue you should report to the security email address with clear explnation of what the risk is and how it can be exploited. If you can't specify how it can be exploited the report will be automatically rejected. There are dozens of automated tools that generated many false report and there are many people who reports thoughts/concerns/questions. As open source project that is consistent mostly with volunteers we can not triage and handle such traffic volume so we expect the reporter to do the extra mile and verify that the problem being reported is real. You are also very welcome to raise your thoughts on the poicy itself with the same email if you believe it should change and can offer reasoning for it. |
Beta Was this translation helpful? Give feedback.
-
Apache Airflow version
2.10.3
If "Other Airflow 2 version" selected, which one?
No response
What happened?
CVE-2024-49767 looks similar to CVE-2023-46136:
#36915
Is it also true for this CVE that "Airflow is not likely vulnerable"?
What you think should happen instead?
No response
How to reproduce
NA
Operating System
All
Versions of Apache Airflow Providers
No response
Deployment
Other
Deployment details
No response
Anything else?
No response
Are you willing to submit PR?
Code of Conduct
Beta Was this translation helpful? Give feedback.
All reactions