{"schema_version": "1.6.1", "id": "CVE-2022-38054", "summary": "Session Fixation", "details": "In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "2.2.4"}, {"fixed": "Apache Airflow*"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb"}]}