Lucene search
+L

9 matches found

githubexploit
githubexploit
added 2023/07/21 12:55 p.m.364 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

8.8CVSS8.9AI score0.85653EPSS
Exploits2
githubexploit
githubexploit
added 2023/07/21 12:55 p.m.400 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

8.8CVSS8.9AI score0.85653EPSS
Exploits2
hackerone
hackerone
added 2022/11/17 12:43 a.m.135 views

Internet Bug Bounty: CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example

airflow-2.3.3/airflow/exampledags/examplebashoperator.py has a command injection vulnerability. I can control the runid in the following codeexamplebashoperator.py,So I can inject custom commands. alsorunthis = BashOperator taskid='alsorunthis', bashcommand='echo "runid= runid | dagrun= dagrun "'...

6.5CVSS8.8AI score0.85653EPSS
Exploits2
vulnersosv
vulnersosv
added 2022/11/14 12:0 p.m.5 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +131 more potentially affected by CVE-2022-40127 via apache-airflow (>=1.8.2 <=2.3.4)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40127 Source advisory: OSV:GHSA-6PW3-8H9W-32GC...

8.8CVSS7.2AI score0.85653EPSS
Exploits2
nvd
nvd
added 2022/11/14 10:15 a.m.34 views

CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

8.8CVSS0.85653EPSS
Exploits2References3
vulnersosv
vulnersosv
added 2022/11/14 10:15 a.m.4 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +131 more potentially affected by CVE-2022-40127 via apache-airflow (>=1.8.2 <=2.3.4)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40127 Source advisory: OSV:PYSEC-2022-42982...

8.8CVSS7.2AI score0.85653EPSS
Exploits2
vulnrichment
vulnrichment
added 2022/11/14 12:0 a.m.8 views

CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

8.9AI score0.85653EPSS
Exploits2References3
cve
cve
added 2022/11/14 12:0 a.m.129 views

CVE-2022-40127

Apache Airflow before 2.4.0 is vulnerable to remote code execution via the run_id parameter on UI-triggered DAGs. The issue affects the Example Dags component and is triggered by manipulating run_id to execute arbitrary commands. Public references describe RCE on Airflow

8.8CVSS8.8AI score0.85653EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2022/11/14 12:0 a.m.52 views

CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

9.1AI score0.85653EPSS
Exploits2References3
Rows per page
Query Builder