A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.
Title | Published | Family |
---|---|---|
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example | 14 Nov 2022 00:00 | cvelist |
Exploit for Code Injection in Apache Airflow | 21 Jul 2023 12:55 | githubexploit |
Exploit for Code Injection in Apache Airflow | 21 Jul 2023 12:55 | githubexploit |
Apache Airflow code injection vulnerability | 17 Nov 2022 00:00 | cnvd |
PYSEC-2022-42982 | 14 Nov 2022 10:15 | osv |
BIT-AIRFLOW-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example | 6 Mar 2024 10:57 | osv |
CVE-2022-40127 | 14 Nov 2022 10:15 | osv |
GHSA-6PW3-8H9W-32GC Apache Airflow vulnerable to OS Command Injection via example DAGs | 14 Nov 2022 12:00 | osv |
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example | 14 Nov 2022 00:00 | vulnrichment |
CVE-2022-40127 | 14 Nov 2022 10:15 | nvd |
[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Airflow",
    "versions": [
      {
        "version": "Apache Airflow",
        "status": "affected",
        "lessThan": "2.4.0",
        "versionType": "custom"
      }
    ]
  }
]
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
run_id | query param | /dags | RCE vulnerability in Apache Airflow that allows execution of arbitrary commands via the run_id parameter. | CWE-94 |