Command Injection

Apache Airflow is vulnerable to Command Injection. The vulnerability is due to a non-validated parameter in the exampledagdecorator example DAG, which allows an attacker to redirect execution to a malicious server and execute arbitrary code on a worker when example DAGs are enabled...

CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

EUVD-2025-36993

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

Square: Redirecting a victim elsewhere through shopseen 0auth

Hello there team This is Shahmeer and i found out about an issue in the square web application that is redirection of users to some other part of the third party website due to non validation of the redirect URL parameter Basically here is the Sample URI stored on the square website with the...