{"schema_version": "1.6.1", "id": "CVE-2024-25142", "summary": "Cache Control - Storage of Sensitive Data in Browser Cache ", "details": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "2.9.2"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/airflow/pull/39550"}, {"type": "WEB", "url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr"}]}