Lucene search
ApacheCVELIST:CVE-2022-24288HistoryFeb 25, 2022 - 8:30 a.m.
CVE-2022-24288 Apache Airflow: RCE in example DAGs
2022-02-2508:30:16
CWE-78
apache
www.cve.org
6
apache airflow
rce
vulnerability
os command injection
example dags
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-24288
2022-02-25 09:15:06
cve
cve
CVE-2022-24288
2022-02-25 09:15:06
nuclei
nuclei
Apache Airflow OS Command Injection
2022-03-19 10:29:17
cnvd
cnvd
Apache Airflow OS Command Injection Vulnerability (CNVD-2022-18263)
2022-02-28 00:00:00
github
github
OS Command injection in Apache Airflow
2022-02-26 00:00:44
osv
osv
CVE-2022-24288
2022-02-25 09:15:06
OS Command injection in Apache Airflow
2022-02-26 00:00:44
PYSEC-2022-30
2022-02-25 09:15:00
hackerone
hackerone
checkpoint_advisories
checkpoint_advisories
Apache Airflow Command Injection (CVE-2022-24288)
2022-10-31 00:00:00
prion
prion
Command injection
2022-02-25 09:15:00