/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-3fx6-xvfc-v75r

Published

Last updated

https://images.chainguard.dev/security/CGA-3fx6-xvfc-v75r
Package

airflow

RepositoryWolfi
Latest Update
Fixed
Fixed Version

2.10.3-r0

Aliases
  • CVE-2024-45314
  • GHSA-fw5r-6m3x-rh7p

Severity

5.5

Medium

CVSS CVSS_V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45314
  • https://github.com/advisories/GHSA-fw5r-6m3x-rh7p

Updates

Status

Fixed

Fixed version

2.10.3-r0

Status

Pending upstream fix

Impact

Due to the tightly coupled nature of airflow and Flask-AppBuilder stated here: https://github.com/apache/airflow/blob/30925c739b60d8a54d84c7c58a3ab854c167f2c1/airflow/providers/fab/provider.yaml#L50, any changes to the security/manager.py file need to be implemented in an override file found here: https://github.com/apache/airflow/blob/main/airflow/providers/fab/auth_manager/security_manager/override.py a PR has been opened to suggest the changes however that is waiting upstream approval.

Status

Under investigation

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal