Lucene search
K

5 matches found

Nuclei
Nuclei
added yesterday110 views

Apache Airflow OS Command Injection

Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI. id: CVE-2022-24288 info: name: Apache Airflow OS Command Injection...

8.8CVSS7AI score0.7788EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2022/10/31 12:0 a.m.22 views

Apache Airflow Command Injection (CVE-2022-24288)

A command injection vulnerability exists in Apache Airflow. This vulnerability is due to improper input validation for parameters for directed acyclic graphs DAGs...

6.5CVSS4.9AI score0.7788EPSS
Exploits0
Hacker One
Hacker One
added 2022/02/27 4:49 a.m.101 views

Internet Bug Bounty: CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs

In Apache Airflow, prior to version 2.2.4, In DAG script of airflow , there is two command injection vulnerability RCE in the some scripts, which an attacker can execute arbitrary commands on the system. The impact is even greater when airflow is configured for unauthenticated access. These two...

6.5CVSS9.3AI score0.7788EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/25 9:15 a.m.6 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +124 more potentially affected by CVE-2022-24288 via apache-airflow (>=1.8.2 <=2.2.3)

apache-airflow PYPI version =1.8.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2022-24288 Source advisory: OSV:PYSEC-2022-30...

8.8CVSS7.2AI score0.7788EPSS
Exploits0
CVE
CVE
added 2022/02/25 8:30 a.m.162 views

CVE-2022-24288

CVE-2022-24288 affects Apache Airflow prior to 2.2.4, where some example DAGs did not properly sanitize user-provided parameters in the web UI, enabling OS command injection. Connected documents confirm an OS command injection vulnerability in affected DAGs (e.g., example_passing_params_via_test_...

8.8CVSS8.8AI score0.7788EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder