x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2023-50944

[GoVulnBot]

CVE-2023-50944 references github.com/apache/airflow, which may be a Go module.

Description:
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-50944
• JSON: https://github.com/CVEProject/cvelist/tree/d60c28c8bf4b1e2c8335019d5146a570ea639d14/2023/50xxx/CVE-2023-50944.json
• fix: Check DAG read permission before accessing DAG code apache/airflow#36257
• web: https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h
• Imported by: https://pkg.go.dev/github.com/apache/airflow?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/apache/airflow
      vulnerable_at: 1.8.2
      packages:
        - package: Apache Airflow
cves:
    - CVE-2023-50944
references:
    - fix: https://github.com/apache/airflow/pull/36257
    - web: https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h

[gopherbot]

Change https://go.dev/cl/557819 mentions this issue: data/excluded: batch add 10 excluded reports