PT-2023-4091 · Apache · Apache Airflow

Hungtd · Published 2023-07-11 · Updated 2026-02-20 · CVE-2023-36543

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Airflow versions prior to 2.6.3

Description

The issue is related to the use of a regular expression with inefficient computational complexity in Apache Airflow, which can be exploited by a remote attacker to cause a denial of service. An authenticated user can use crafted input to make the current request hang.

Recommendations

For versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the affected functionality to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-04393
BIT-AIRFLOW-2023-36543
CVE-2023-36543
GHSA-3H4M-M55V-GX4M
PYSEC-2023-106

Affected Products

Apache Airflow