Approved changes feed: RSS · Atom
cpe:2.3:a:airbytehq:airbyte:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Airbytehq (b20a158d-9ba3-576c-ba17-c5814a0e10e2) |
|---|---|
| Product | Airbyte (cacf12fa-7c39-564e-9e2c-31815e0b6421) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-38363 |
vulnerable | 2026-06-08 06:41:45.137437 |
Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
HIGH (8.6)
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.
Published: 2024-07-09T14:10:47.792Z
Updated: 2024-08-02T04:04:25.126Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.