Lucene search
ApacheCVELIST:CVE-2022-40127HistoryNov 14, 2022 - 12:00 a.m.
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
2022-11-1400:00:00
CWE-94
apache
www.cve.org
cve-2022-40127
apache airflow
example dags
rce
ui access
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Airflow",
"versions": [
{
"version": "Apache Airflow",
"status": "affected",
"lessThan": "2.4.0",
"versionType": "custom"
}
]
}
]Related
githubexploit
githubexploit
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
nuclei
nuclei
AirFlow < 2.4.0 - Remote Code Execution
2022-11-23 12:41:34
hackerone
hackerone
osv
osv
BIT-airflow-2022-40127
2024-03-06 10:57:35
PYSEC-2022-42982
2022-11-14 10:15:00
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
cnvd
cnvd
Apache Airflow code injection vulnerability
2022-11-17 00:00:00
cve
cve
CVE-2022-40127
2022-11-14 10:15:10
veracode
veracode
Arbitrary Code Execution
2022-11-15 06:46:03
github
github
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
prion
prion
Design/Logic Flaw
2022-11-14 10:15:00
nvd
nvd
CVE-2022-40127
2022-11-14 10:15:10