8 matches found
CVE-2025-54415
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415
CVE-2025-54415 affects the dag-factory project (Apache Airflow) for versions ≤ 0.23.0a8. The vulnerability lies in the cicd.yml workflow configured in the astronomer/dag-factory GitHub repository, which, when triggered by pull_request_target, can be exploited to execute arbitrary code in the GitH...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
dag-factory 操作系统命令注入漏洞
dag-factory is an Astronomer open source by building Apache Airflow DAG. An operating system command injection vulnerability exists in dag-factory 0.23.0a8 and earlier versions, which stems from a misconfiguration of the cicd.yml workflow and could lead to arbitrary code execution...
PT-2025-30952 · Unknown · Apache Airflow +1
Name of the Vulnerable Software and Affected Versions: dag-factory versions 0.23.0a8 and below Description: dag-factory is a library for Apache Airflow® used to construct DAGs declaratively via configuration files. A high-severity issue exists in the cicd.yml workflow within the...