{"id":"PYSEC-2022-263","details":"In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.","aliases":["BIT-airflow-2022-38054","CVE-2022-38054","GHSA-5ff8-7639-6v6g"],"modified":"2023-12-06T01:02:31.352930Z","published":"2022-09-02T07:15:00Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/09/02/1"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-5ff8-7639-6v6g"}],"affected":[{"package":{"name":"apache-airflow","ecosystem":"PyPI","purl":"pkg:pypi/apache-airflow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2.4"},{"fixed":"2.3.4rc1"}]}],"versions":["2.2.4","2.2.5","2.2.5rc1","2.2.5rc2","2.2.5rc3","2.3.0","2.3.0b1","2.3.0rc1","2.3.0rc2","2.3.1","2.3.1rc1","2.3.2","2.3.2rc1","2.3.2rc2","2.3.3","2.3.3rc1","2.3.3rc2","2.3.3rc3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2022-263.yaml"}}],"schema_version":"1.7.3"}