9 matches found
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...
Internet Bug Bounty: CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example
airflow-2.3.3/airflow/exampledags/examplebashoperator.py has a command injection vulnerability. I can control the runid in the following codeexamplebashoperator.py,So I can inject custom commands. alsorunthis = BashOperator taskid='alsorunthis', bashcommand='echo "runid= runid | dagrun= dagrun "'...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +131 more potentially affected by CVE-2022-40127 via apache-airflow (>=1.8.2 <=2.3.4)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40127 Source advisory: OSV:GHSA-6PW3-8H9W-32GC...
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +131 more potentially affected by CVE-2022-40127 via apache-airflow (>=1.8.2 <=2.3.4)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40127 Source advisory: OSV:PYSEC-2022-42982...
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
CVE-2022-40127
Apache Airflow before 2.4.0 is vulnerable to remote code execution via the run_id parameter on UI-triggered DAGs. The issue affects the Example Dags component and is triggered by manipulating run_id to execute arbitrary commands. Public references describe RCE on Airflow
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...