Main Vulnerability Database Vulnerabilities #VU86028

#VU86028 Resource management error in Apache Airflow - CVE-2023-36543

Published: February 2, 2024

Vulnerability identifier: #VU86028

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-36543

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Airflow

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote user can send specially crafted request to the application and make the current request hang, resulting in resource exhaustion leading to denial of service.

Remediation

Install updates from vendor's website.

External links

https://github.com/apache/airflow/pull/32060
https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4

#VU86028 Resource management error in Apache Airflow - CVE-2023-36543

Description

Remediation

External links

Please verify you're human