montgomery-marcus-solute opened a new issue, #26686: URL: https://github.com/apache/airflow/issues/26686
### Apache Airflow version 2.4.0 ### What happened My organization scanned a container running airflow 2.4.0 and found the following vulnerabilities, all related to swagger-ui, fixed in the swagger-ui version next to the link for the vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2019-17495 >= 3.23.11 https://nvd.nist.gov/vuln/detail/CVE-2018-25031 >= 4.1.3 https://github.com/advisories/GHSA-388g-jwpg-x6j4 >= 3.0.13 https://github.com/advisories/GHSA-x9p2-fxq6-2m5f >= 3.18.0 https://github.com/advisories/GHSA-4f9m-pxwh-68hg >= 3.20.9 https://github.com/advisories/GHSA-qrmm-w75w-3wpx >= 4.1.3 ### What you think should happen instead If possible, please update the swagger-ui version used in airflow to the latest or at least version 4.1.3 or greater. ### How to reproduce _No response_ ### Operating System ubi8 ### Versions of Apache Airflow Providers _No response_ ### Deployment Other Docker-based deployment ### Deployment details _No response_ ### Anything else _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
