Skip to content

Apache Airflow does not return the "Cache-Control" header for dynamic content

Low severity GitHub Reviewed Published Jun 14, 2024 to the GitHub Advisory Database • Updated Jun 17, 2024

Package

pip apache-airflow (pip)

Affected versions

< 2.9.2

Patched versions

2.9.2

Description

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. 

Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.

This issue affects Apache Airflow: before 2.9.2.

Users are recommended to upgrade to version 2.9.2, which fixes the issue.

References

Published by the National Vulnerability Database Jun 14, 2024
Published to the GitHub Advisory Database Jun 14, 2024
Last updated Jun 17, 2024
Reviewed Jun 17, 2024

Severity

Low

EPSS score

0.042%
(5th percentile)

Weaknesses

CVE ID

CVE-2024-25142

GHSA ID

GHSA-9xpj-62mm-24h2

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.