8 matches found
CVE-2024-10657
A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approvecenter/prcsinfo.php. The manipulation of the argument RUNID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...
Apache Airflow Path Traversal vulnerability
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
PYSEC-2023-104
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
PT-2023-4800 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.3 Description: The issue exists due to insufficient input validation, allowing a remote attacker to cause a service disruption. This can be achieved by manipulating the run id parameter. The exploitation...
PT-2023-4777 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.3 Description: The issue allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run id parameter. This is considered a low-risk issue as it...
The vulnerability of the run_id parameter in the Example Dags function of the Airflow software for data processing tasks allows an attacker to execute arbitrary commands.
The vulnerability of the run_id parameter in the Example Dags function of the Airflow software for data processing scenario creation, monitoring, and orchestration is related to incorrect code generation. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary...
Arbitrary Code Execution
apacheairflow is vulnerable to arbitrary code execution. The vulnerability exists in example DAGs of example_bash_operator.py which allows an attacker to execute arbitrary commands via the manually provided run_id parameter...
PT-2022-5600 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.0 Description: A vulnerability in Example Dags of Apache Airflow is related to incorrect management of code generation. This issue allows an attacker with UI access who can trigger DAGs to execute arbitrar...