Lucene search
China National Vulnerability DatabaseCNVD-2022-78862HistoryNov 17, 2022 - 12:00 a.m.
Apache Airflow code injection vulnerability
2022-11-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
apache airflow
open source platform
workflows
code injection
vulnerability
user input
execution
commands
network system
product
filtering
special characters
attacker
ui access
dags
run_id parameter
arbitrary commands
cnvd
0.371 Low
EPSS
Percentile
97.2%
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamic monitoring features. Apache Airflow has a code injection vulnerability, the vulnerability stems from the user input structure during the execution of commands, the network system or product does not correctly filter the special characters, commands, etc., an attacker with UI access can use the vulnerability to trigger DAGs, by manually providing the run_id parameter to execute arbitrary commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache airflow | lt | 2.4.0 |
Related
githubexploit
githubexploit
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
nuclei
nuclei
AirFlow < 2.4.0 - Remote Code Execution
2022-11-23 12:41:34
hackerone
hackerone
osv
osv
PYSEC-2022-42982
2022-11-14 10:15:00
BIT-airflow-2022-40127
2024-03-06 10:57:35
CVE-2022-40127
2022-11-14 10:15:10
cve
cve
CVE-2022-40127
2022-11-14 10:15:10
veracode
veracode
Arbitrary Code Execution
2022-11-15 06:46:03
github
github
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
nvd
nvd
CVE-2022-40127
2022-11-14 10:15:10
prion
prion
Design/Logic Flaw
2022-11-14 10:15:00
cvelist
cvelist
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
2022-11-14 00:00:00