Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to `apache-airflow-providers-google` 22.0.0 or later.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HApache Airflow Providers Google
APPApache< 22.0.0
Related vulnerabilities
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airf...
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airf...
Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych
Apache OFBiz — nieautoryzowane wykonanie kodu przez błędną autoryzację
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie