Ankit Chaurasia

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 3.1.6 **Description** Apache Airflow versions before 3.1.6 did not properly handle sensitive information within proxy URLs in Connection objects. Specifically, proxy credentials embedded in the `proxies` and `proxy` fields were not automatically masked in log output, potentially exposing them when connections were rendered or printed to logs. **Recommendations** Upgrade to version 3.1.6 or later to resolve this issue.