CRITICAL 9.8

PYSEC-2024-263

Details

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / airflow-diagrams

Introduced in: 0

No fixed version published yet for airflow-diagrams (pip). Pin to a known-safe version or switch to an alternative.

References

https://github.com/bayuncao/vul-cve-15 [PACKAGE]