{"schema_version": "1.6.1", "id": "CVE-2022-40754", "summary": "Open Redirect", "details": "In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "2.4.0"}]}]}], "references": [{"type": "ADVISORY", "url": "https://github.com/apache/airflow/pull/26409"}, {"type": "ADVISORY", "url": "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm"}]}