Lucene search
GoogleOSV:GHSA-6PW3-8H9W-32GCHistoryNov 14, 2022 - 12:00 p.m.
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-1412:00:15
Google
osv.dev
4
apache airflow
os command injection
example dags
ui access
arbitrary commands
run_id parameter
security vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.371 Low
EPSS
Percentile
97.2%
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.
Related
githubexploit
githubexploit
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
nuclei
nuclei
AirFlow < 2.4.0 - Remote Code Execution
2022-11-23 12:41:34
hackerone
hackerone
osv
osv
BIT-airflow-2022-40127
2024-03-06 10:57:35
PYSEC-2022-42982
2022-11-14 10:15:00
CVE-2022-40127
2022-11-14 10:15:10
cnvd
cnvd
Apache Airflow code injection vulnerability
2022-11-17 00:00:00
cve
cve
CVE-2022-40127
2022-11-14 10:15:10
veracode
veracode
Arbitrary Code Execution
2022-11-15 06:46:03
github
github
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
nvd
nvd
CVE-2022-40127
2022-11-14 10:15:10
prion
prion
Design/Logic Flaw
2022-11-14 10:15:00
cvelist
cvelist
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
2022-11-14 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.371 Low
EPSS
Percentile
97.2%
Related for OSV:GHSA-6PW3-8H9W-32GC