5 matches found
CVE-2022-40954
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +129 more potentially affected by CVE-2022-40954 via apache-airflow (>=1.8.2 <=2.2.5)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40954 Source advisory: OSV:GHSA-45R6-J3CC-6MXX...
CVE-2022-40954
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...
CVE-2022-40954 Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...
CVE-2022-40954
The CVE-2022-40954 issue is an OS Command Injection in the Apache Airflow Spark Provider that lets an attacker read arbitrary files in the task execution context without file write access to DAGs. Affected products: Spark Provider versions prior to 4.0.0 and Airflow versions prior to 2.3.0 when t...