PT-2023-4091 · Apache · Apache Airflow

Hungtd

Publicado

2023-07-11

Atualizado

2026-02-20

CVE-2023-36543

CVSS v4.0

7.1

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.6.3

Description The issue is related to the use of a regular expression with inefficient computational complexity in Apache Airflow, which can be exploited by a remote attacker to cause a denial of service. An authenticated user can use crafted input to make the current request hang.

Recommendations For versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the affected functionality to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1333CWE-20

Identificadores relacionados

BDU:2023-04393

BIT-AIRFLOW-2023-36543

CVE-2023-36543

GHSA-3H4M-M55V-GX4M

PYSEC-2023-106

Produtos afetados

Apache Airflow

PT-2023-4091 · Apache · Apache Airflow

CVE-2023-36543

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17