5 matches found
CVE-2024-45498
Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
CVE-2024-45498 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-45498 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-45498 Apache Airflow: Command Injection in an example DAG
Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
Internet Bug Bounty: CVE-2024-45498: Apache Airflow Command injection in read_dataset_event_from_classic DAG
CVE-2024-45498 was a command injection vulnerability in the readdataseteventfromclassic DAG in Apache Airflow version 2.10.0. The vulnerability allowed an attacker with user privileges to inject OS commands into the s3://output/1.txt dataset, which were then executed when the DAG was triggered...