CVE-2023-50943

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 24, 2024

Updated: Jan 30, 2024

CWE ID 502

Summary

CVE-2023-50943 is a vulnerability affecting Apache Airflow versions prior to 2.8.1. An attacker can exploit this issue by poisoning XCom data, bypassing the "enable_xcom_pickling=False" configuration setting. This vulnerability results in the deserialization of malicious data, leading to potentially harmful outcomes. The risk level for this vulnerability is considered low, as exploitation requires the actions of a DAG author. Users are strongly advised to upgrade to version 2.8.1 or later to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Airflow

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t06yjW
https://www.cve.org/CVERecord?id=CVE-2023-50943
https://nvd.nist.gov/vuln/detail/CVE-2023-50943

Back to Vulnerability Database