Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:37 a.m.14 views

CVE-2022-40954

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...

5.5CVSS6.8AI score0.01383EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/11/22 12:30 p.m.5 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +129 more potentially affected by CVE-2022-40954 via apache-airflow (>=1.8.2 <=2.2.5)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40954 Source advisory: OSV:GHSA-45R6-J3CC-6MXX...

5.5CVSS6AI score0.01383EPSS
Exploits0
NVD
NVD
added 2022/11/22 10:15 a.m.17 views

CVE-2022-40954

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...

5.5CVSS0.01383EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/22 12:0 a.m.23 views

CVE-2022-40954 Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...

5.8AI score0.01383EPSS
Exploits0References2
CVE
CVE
added 2022/11/22 12:0 a.m.97 views

CVE-2022-40954

The CVE-2022-40954 issue is an OS Command Injection in the Apache Airflow Spark Provider that lets an attacker read arbitrary files in the task execution context without file write access to DAGs. Affected products: Spark Provider versions prior to 4.0.0 and Airflow versions prior to 2.3.0 when t...

5.5CVSS5.5AI score0.01383EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder