Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-62402

updated 3 weeks, 3 days ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 3 weeks ago
@LeSuisse dismissed 3 weeks, 3 days ago

Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

Affected products

apache-airflow

<3.1.1

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable 2.7.3
- nixpkgs-unstable 2.7.3
- nixos-unstable-small 2.7.3
nixos-25.05 2.7.3
- nixos-25.05-small 2.7.3
- nixpkgs-25.05-darwin 2.7.3

Package maintainers

@ingenieroariel Ariel Nunez <ariel@nunez.co>
@bhipple Benjamin Hipple <bhipple@protonmail.com>
@gbpdt Graham Bennett <nix@pdtpartners.com>

Only impact > 3.0

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.apache-airflow

Package maintainers