Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.5 views

CVE-2024-45498

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS8.8AI score0.01237EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/09/07 8:15 a.m.27 views

CVE-2024-45498 vulnerabilities

Vulnerabilities for packages: airflow...

8.8CVSS8.9AI score0.01237EPSS
Exploits0
Wolfi
Wolfi
added 2024/09/07 8:15 a.m.32 views

CVE-2024-45498 vulnerabilities

Vulnerabilities for packages: airflow...

8.8CVSS7.2AI score0.01237EPSS
Exploits0
Cvelist
Cvelist
added 2024/09/07 7:43 a.m.68 views

CVE-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

0.01237EPSS
Exploits0References2
Hacker One
Hacker One
added 2024/09/07 3:1 a.m.17 views

Internet Bug Bounty: CVE-2024-45498: Apache Airflow Command injection in read_dataset_event_from_classic DAG

CVE-2024-45498 was a command injection vulnerability in the readdataseteventfromclassic DAG in Apache Airflow version 2.10.0. The vulnerability allowed an attacker with user privileges to inject OS commands into the s3://output/1.txt dataset, which were then executed when the DAG was triggered...

8.8CVSS7.3AI score0.01237EPSS
Exploits0
Rows per page
Query Builder