Vulnerability Database

308,484

Total vulnerabilities in the database

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.

Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.

This issue affects Apache Airflow: before 2.9.2.

Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Published: Jun 14, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-25142
GHSA: GHSA-9xpj-62mm-24h2
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-525

Affected Software
References

Software	From	Fixed in
apache-airflow	-	2.9.2
apache / airflow	-	2.9.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo