CVE-2023-50943

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 24, 2024
Updated: Jan 30, 2024
CWE ID 502

Summary

CVE-2023-50943 is a vulnerability affecting Apache Airflow versions prior to 2.8.1. An attacker can exploit this issue by poisoning XCom data, bypassing the "enable_xcom_pickling=False" configuration setting. This vulnerability results in the deserialization of malicious data, leading to potentially harmful outcomes. The risk level for this vulnerability is considered low, as exploitation requires the actions of a DAG author. Users are strongly advised to upgrade to version 2.8.1 or later to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache Airflow

Affected Vendors

  • Apache Software Foundation