Severity: moderate Affected versions:
- Apache Airflow (apache-airflow) >=3.0.0,<3.1.1 Description: API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available. Credit: kwkr (https://github.com/kwkr) (reporter) References: https://lists.apache.org/thread/vbzxnxn031wb998hsd7vqnvh4z8nx6rs https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-62402 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
