{"id":"CVE-2022-40754","details":"In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.","aliases":["BIT-airflow-2022-40754","GHSA-4fg5-j4mm-wfpg","PYSEC-2022-280"],"modified":"2026-03-14T11:54:39.247664Z","published":"2022-09-21T08:15:08.980Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm"},{"type":"FIX","url":"https://github.com/apache/airflow/pull/26409"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/airflow","events":[{"introduced":"1c98f573a29d9cee3e4e0000c6fe424a2f025f83"},{"last_affected":"05960ac2ebb1fd9a74f3135e5e8fe5e28160d4b2"}],"database_specific":{"versions":[{"introduced":"2.3.0"},{"last_affected":"2.3.4"}]}}],"versions":["providers-airbyte/5.3.0","providers-airbyte/5.3.0rc1","providers-alibaba/3.3.0","providers-alibaba/3.3.0rc1","providers-amazon/9.18.0rc1","providers-apache-beam/6.2.0","providers-apache-beam/6.2.0rc1","providers-apache-cassandra/3.9.0","providers-apache-cassandra/3.9.0rc1","providers-apache-drill/3.2.0","providers-apache-drill/3.2.0rc1","providers-apache-druid/4.4.0","providers-apache-druid/4.4.0rc1","providers-apache-flink/1.8.0","providers-apache-flink/1.8.0rc1","providers-apache-hdfs/4.11.0","providers-apache-hdfs/4.11.0rc1","providers-apache-hive/9.2.0","providers-apache-hive/9.2.0rc1","providers-apache-iceberg/1.4.0","providers-apache-iceberg/1.4.0rc1","providers-apache-impala/1.8.0","providers-apache-impala/1.8.0rc1","providers-apache-kafka/1.11.0","providers-apache-kafka/1.11.0rc1","providers-apache-kylin/3.10.0","providers-apache-kylin/3.10.0rc1","providers-apache-livy/4.5.0","providers-apache-livy/4.5.0rc1","providers-apache-pig/4.8.0","providers-apache-pig/4.8.0rc1","providers-apache-pinot/4.9.0","providers-apache-pinot/4.9.0rc1","providers-apache-spark/5.4.0","providers-apache-spark/5.4.0rc1","providers-apache-tinkerpop/1.1.0","providers-apache-tinkerpop/1.1.0rc1","providers-apprise/2.3.0","providers-apprise/2.3.0rc1","providers-arangodb/2.9.0","providers-arangodb/2.9.0rc1","providers-asana/2.11.0","providers-asana/2.11.0rc1","providers-atlassian-jira/3.3.0","providers-atlassian-jira/3.3.0rc1","providers-celery/3.14.0rc1","providers-cloudant/4.3.0","providers-cloudant/4.3.0rc1","providers-cncf-kubernetes/10.11.0rc1","providers-cohere/1.6.0","providers-cohere/1.6.0rc1","providers-common-compat/1.10.0","providers-common-compat/1.10.0rc1","providers-common-io/1.7.0","providers-common-io/1.7.0rc1","providers-common-sql/1.30.0rc1","providers-databricks/7.8.0","providers-databricks/7.8.0rc1","providers-datadog/3.10.0","providers-datadog/3.10.0rc1","providers-dbt-cloud/4.6.0","providers-dbt-cloud/4.6.0rc1","providers-dingding/3.9.0","providers-dingding/3.9.0rc1","providers-discord/3.11.0","providers-discord/3.11.0rc1","providers-docker/4.5.0rc1","providers-edge3/1.6.0rc1","providers-elasticsearch/6.4.0","providers-elasticsearch/6.4.0rc1","providers-exasol/4.9.0","providers-exasol/4.9.0rc1","providers-fab/3.0.3","providers-fab/3.0.3rc1","providers-facebook/3.9.0","providers-facebook/3.9.0rc1","providers-ftp/3.14.0","providers-ftp/3.14.0rc1","providers-github/2.10.0","providers-github/2.10.0rc1","providers-google/19.1.0rc1","providers-grpc/3.9.0","providers-grpc/3.9.0rc1","providers-hashicorp/4.4.0","providers-hashicorp/4.4.0rc1","providers-http/5.6.0","providers-http/5.6.0rc1","providers-imap/3.10.0","providers-imap/3.10.0rc1","providers-influxdb/2.10.0","providers-influxdb/2.10.0rc1","providers-jdbc/5.3.0","providers-jdbc/5.3.0rc1","providers-jenkins/4.2.0","providers-jenkins/4.2.0rc1","providers-microsoft-azure/12.9.0rc1","providers-microsoft-mssql/4.4.0","providers-microsoft-mssql/4.4.0rc1","providers-microsoft-psrp/3.2.0","providers-microsoft-psrp/3.2.0rc1","providers-microsoft-winrm/3.13.0","providers-microsoft-winrm/3.13.0rc1","providers-mongo/5.3.0","providers-mongo/5.3.0rc1","providers-mysql/6.4.0","providers-mysql/6.4.0rc1","providers-neo4j/3.11.0","providers-neo4j/3.11.0rc1","providers-odbc/4.11.0","providers-odbc/4.11.0rc1","providers-openai/1.7.0","providers-openai/1.7.0rc1","providers-openfaas/3.9.0","providers-openfaas/3.9.0rc1","providers-openlineage/2.9.0","providers-openlineage/2.9.0rc1","providers-opensearch/1.8.0","providers-opensearch/1.8.0rc1","providers-opsgenie/5.10.0","providers-opsgenie/5.10.0rc1","providers-oracle/4.3.0","providers-oracle/4.3.0rc1","providers-pagerduty/5.2.0","providers-pagerduty/5.2.0rc1","providers-papermill/3.12.0","providers-papermill/3.12.0rc1","providers-pgvector/1.6.0","providers-pgvector/1.6.0rc1","providers-pinecone/2.4.0","providers-pinecone/2.4.0rc1","providers-postgres/6.5.0","providers-postgres/6.5.0rc1","providers-presto/5.10.0","providers-presto/5.10.0rc1","providers-qdrant/1.5.0","providers-qdrant/1.5.0rc1","providers-redis/4.4.0","providers-redis/4.4.0rc1","providers-salesforce/5.12.0","providers-salesforce/5.12.0rc1","providers-samba/4.12.0","providers-samba/4.12.0rc1","providers-segment/3.9.0","providers-segment/3.9.0rc1","providers-sendgrid/4.2.0","providers-sendgrid/4.2.0rc1","providers-sftp/5.5.0","providers-sftp/5.5.0rc1","providers-singularity/3.9.0","providers-singularity/3.9.0rc1","providers-slack/9.6.0rc1","providers-smtp/2.4.0","providers-smtp/2.4.0rc1","providers-snowflake/6.7.0","providers-snowflake/6.7.0rc1","providers-sqlite/4.2.0","providers-sqlite/4.2.0rc1","providers-ssh/4.2.0rc1","providers-standard/1.10.0rc1","providers-tableau/5.3.0","providers-tableau/5.3.0rc1","providers-telegram/4.9.0","providers-telegram/4.9.0rc1","providers-teradata/3.3.0","providers-teradata/3.3.0rc1","providers-trino/6.4.0","providers-trino/6.4.0rc1","providers-vertica/4.2.0","providers-vertica/4.2.0rc1","providers-weaviate/3.3.0","providers-weaviate/3.3.0rc1","providers-yandex/4.3.0","providers-yandex/4.3.0rc1","providers-ydb/2.3.0","providers-ydb/2.3.0rc1","providers-zendesk/4.11.0","providers-zendesk/4.11.0rc1","providers/2025-11-27"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40754.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}