/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-rffr-3gww-cc9j

Published

Last updated

https://images.chainguard.dev/security/CGA-rffr-3gww-cc9j
Package

airflow-3

RepositoryWolfi
Latest Update
Under investigation
Aliases
  • CVE-2024-49766
  • GHSA-f9vj-2wh5-fj8j

Severity

Unknown

Summary

Werkzeug safe_join not safe on Windows

Description

On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs