Lucene search
CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider
Show more
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2023-22884 | 21 Jan 202314:15 | – | osv |
| Command Injection in Apache Airflow and Apache Airflow MySQL Provider | 21 Jan 202315:30 | – | osv |
| BIT-airflow-2023-22884 | 6 Mar 202410:55 | – | osv |
 | Exploit for Command Injection in Apache Airflow | 29 Jul 202309:26 | – | githubexploit |
| Exploit for Command Injection in Apache Airflow | 29 Jul 202309:26 | – | githubexploit |
 | CVE-2023-22884 Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow | 21 Jan 202313:02 | – | cvelist |
 | Command Injection in Apache Airflow and Apache Airflow MySQL Provider | 21 Jan 202315:30 | – | github |
 | Command injection | 21 Jan 202314:15 | – | prion |
 | Command Injection | 25 Jan 202305:48 | – | veracode |
 | CVE-2023-22884 | 21 Jan 202314:15 | – | nvd |
10
Node
[
{
"defaultStatus": "unaffected",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Apache Airflow MySQL Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| bulk_load_from_file | path | /dags | Vulnerability allowing command injection through improper input sanitization in Apache Airflow's MySQL provider. | CWE-77 |
| --host | request body | /exploit.py | Command injection vulnerability in exploit script for Apache Airflow allowing attackers to execute arbitrary commands. | CWE-77 |
| --mode | request body | /exploit.py | Command injection vulnerability in exploit script for Apache Airflow allowing attackers to execute arbitrary commands. | CWE-77 |
| --ci | request body | /exploit.py | Command injection vulnerability in exploit script for Apache Airflow allowing attackers to execute arbitrary commands. | CWE-77 |
| --di | request body | /exploit.py | Command injection vulnerability in exploit script for Apache Airflow allowing attackers to execute arbitrary commands. | CWE-77 |
| -u | request body | /exploit.py | Command injection vulnerability in exploit script for Apache Airflow allowing attackers to execute arbitrary commands. | CWE-77 |
| -p | request body | /exploit.py | Command injection vulnerability in exploit script for Apache Airflow allowing attackers to execute arbitrary commands. | CWE-77 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo21 Jan 2023 14:15Current
9.5High risk
Vulners AI Score9.5
CVSS39.8
EPSS0.00783