Lucene search
China National Vulnerability DatabaseCNVD-2022-18263HistoryFeb 28, 2022 - 12:00 a.m.
Apache Airflow OS Command Injection Vulnerability (CNVD-2022-18263)
2022-02-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
15
apache airflow
command injection
vulnerability
operating system
input validation
remote attack
unauthenticated
http requests
apache foundation
EPSS
0.949
Percentile
99.3%
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow is vulnerable to an operating system command injection vulnerability that exists due to incorrect input validation in certain sample dag. A remote, unauthenticated attacker could exploit the vulnerability to be able to pass specially crafted HTTP requests and execute arbitrary operating system commands on the target system.
Related
nvd
nvd
CVE-2022-24288
2022-02-25 09:15:06
cve
cve
CVE-2022-24288
2022-02-25 09:15:06
nuclei
nuclei
Apache Airflow OS Command Injection
2022-03-19 10:29:17
github
github
OS Command injection in Apache Airflow
2022-02-26 00:00:44
osv
osv
CVE-2022-24288
2022-02-25 09:15:06
OS Command injection in Apache Airflow
2022-02-26 00:00:44
PYSEC-2022-30
2022-02-25 09:15:00
hackerone
hackerone
checkpoint_advisories
checkpoint_advisories
Apache Airflow Command Injection (CVE-2022-24288)
2022-10-31 00:00:00
cvelist
cvelist
CVE-2022-24288 Apache Airflow: RCE in example DAGs
2022-02-25 08:30:16
prion
prion
Command injection
2022-02-25 09:15:00