A vulnerability was found in Apache Airflow up to 2.9.2. It has been classified as critical. Affected is an unknown function of the component Scheduler. The manipulation of the argument doc_md leads to Privilege Escalation.
This vulnerability is traded as CVE-2024-39877. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.