7.5
CVSS V3
Status
Impact
Fixed versions of Werkzeug (v2.3.8 and above) are not compatible with the current version of apache airflow. There is an open PR in airflow addressing this that will natively support Werkzeug v2.3.8 (https://github.com/apache/airflow/pull/36052)
Status
Fixed version
2.9.1-r1Status
Impact
Vulnerability affects < 3.0.3 however airflow is unable to upgrade to werkzeugto 3+ https://github.com/apache/airflow/blob/2d53c1089f78d8d1416f51af60e1e0354781
Status