Nixpkgs security tracker

Dismissed

Permalink CVE-2025-62402

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse dismissed 2 months, 3 weeks ago

Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

References

Affected products

apache-airflow

<3.1.1

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable 2.7.3
- nixpkgs-unstable 2.7.3
- nixos-unstable-small 2.7.3

Package maintainers

@ingenieroariel Ariel Nunez <ariel@nunez.co>
@bhipple Benjamin Hipple <bhipple@protonmail.com>
@gbpdt Graham Bennett <nix@pdtpartners.com>

Only impact > 3.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.apache-airflow

Package maintainers