CVE-2022-38649

🗓️ 22 Nov 2022 10:10:15Reported by [email protected]Type

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provide

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2022-38649	22 Nov 202210:15	–	cve
OSV	CVE-2022-38649	22 Nov 202210:15	–	osv
OSV	BIT-airflow-2022-38649	6 Mar 202410:57	–	osv
OSV	OS Command Injection in Apache Airflow	22 Nov 202212:30	–	osv
Veracode	OS Command Injection	24 Nov 202203:46	–	veracode
Prion	Command injection	22 Nov 202210:15	–	prion
Github Security Blog	OS Command Injection in Apache Airflow	22 Nov 202212:30	–	github
Cvelist	CVE-2022-38649 Apache Airflow Pinot provider allowed Command Injection	22 Nov 202200:00	–	cvelist

Nvd

Node

apache airflowRange<2.3.0

apache apache-airflow-providers-apache-pinotRange<4.0.0

Source	Link
lists	www.lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz
github	www.github.com/apache/airflow/pull/27641

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Nov 2022 10:15Current

CVSS39.8

EPSS0.01228

CWE-78