{"schema_version": "1.6.1", "id": "CVE-2022-40604", "summary": "Format String Vulnerability", "details": "In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "2.4.0"}]}]}], "references": [{"type": "ADVISORY", "url": "https://github.com/apache/airflow/pull/26337"}, {"type": "ADVISORY", "url": "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t"}]}