GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`

GHSA-rjjv-87mx-6x3h: @sveltejs/kit vulnerable to on dev mode 404 page

GHSA-mh2x-fcqh-fmqv: @sveltejs/kit has unescaped error message included on error page

GHSA-5xr6-xhww-33m4: Artifact poisoning vulnerability in action-download-artifact v5 and earlier

GHSA-7f6p-phw2-8253: Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2022-38054

**Apache Airflow Session Fixation vulnerability**

Critical severity GitHub Reviewed Published Sep 3, 2022 • Updated Sep 15, 2022

**Package**

pip apache-airflow (pip)

**Affected versions**

\>= 2.2.4, < 2.3.4rc1

**Patched versions**

2.3.4rc1

**Description**

Headline

GHSA-5ff8-7639-6v6g: Apache Airflow Session Fixation vulnerability

Related news

ghsa: Latest News