Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamic monitoring features. Apache Airflow has a code injection vulnerability, the vulnerability stems from the user input structure during the execution of commands, the network system or product does not correctly filter the special characters, commands, etc., an attacker with UI access can use the vulnerability to trigger DAGs, by manually providing the run_id parameter to execute arbitrary commands.
CPE | Name | Operator | Version |
---|---|---|---|
apache apache airflow | lt | 2.4.0 |