A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Airflow",
"versions": [
{
"version": "Apache Airflow",
"status": "affected",
"lessThan": "2.4.0",
"versionType": "custom"
}
]
}
]