Timon8

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.6.3 **Description** The issue allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the `run id` parameter. This is considered a low-risk issue as it requires an authenticated user to exploit it. **Recommendations** For Apache Airflow versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the `run id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.6.3 **Description** The issue exists due to insufficient input validation, allowing a remote attacker to cause a service disruption. This can be achieved by manipulating the `run id` parameter. The exploitation requires an authenticated user, and the issue is considered low-severity. **Recommendations** For versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the `run id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Undici versions 2.0.0 through 5.19.0 **Description** The issue is related to the undici library not protecting the `host` HTTP header from CRLF injection vulnerabilities. This could allow a remote attacker to inject arbitrary HTTP headers. The undici library is an HTTP/1.1 client for Node.js. As a workaround, sanitizing the `headers.host` string before passing it to undici can help mitigate the issue. **Recommendations** For versions 2.0.0 through 5.19.0, update to version 5.19.1 to resolve the issue. As a temporary workaround, consider sanitizing the `headers.host` string before passing it to undici.