apache_airflow is vulnerable to improper authorization. A deactivated user is able to continue using the UI or the API with an already authenticated session due to the insufficient checks in `create_app` function.Read More