Lee

**Name of the Vulnerable Software and Affected Versions** Apache Airflow Providers Edge3 versions prior to 2.0.0 **Description** The Edge3 provider for Apache Airflow 2 contains an issue that allows a Dag author to perform Remote Code Execution (RCE) in the webserver context through a non-public API. This API was intended for testing the Edge Provider during development and was implicitly enabled when the Edge3 provider was installed and configured on Airflow 2. The Edge3 provider support in Airflow 2 was development-only and not officially released. The issue is present only if the Edge3 provider was installed and configured on Airflow 2. **Recommendations** If you installed and configured the Edge3 provider for Airflow 2, uninstall it and migrate to Airflow 3. If you used the Edge Provider in Airflow 3, you are not affected.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions 2.4.0 through 2.7.0 **Description** The issue is related to the exposure of sensitive information in Apache Airflow, which could allow a remote attacker to obtain confidential information. **Recommendations** For Apache Airflow versions 2.4.0 through 2.7.0, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.15.3 **Description** A validation issue was addressed with improved input sanitization, allowing an application to potentially read restricted memory. **Recommendations** For versions prior to 10.15.3, update to macOS Catalina 10.15.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14 **Description** A validation issue was addressed with improved input sanitization. **Recommendations** For versions prior to macOS Mojave 10.14, update to macOS Mojave 10.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14 **Description** A validation issue was addressed with improved input sanitization. **Recommendations** For versions prior to macOS Mojave 10.14, update to macOS Mojave 10.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue is related to a buffer overflow in the Intel Graphics Driver component of the operating system, which can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.