PT-2025-8987 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential deadlock issue in the Linux kernel's rhashtable has been resolved. The problem occurred due to a possible circular locking dependency between the rhashtable bucket, rq lock...

Arbitrary Code Execution

Apache Airflow is vulnerable to Arbitrary Code Execution. The vulnerability is due to a flaw in the docmd parameter via airflow/models/dag.py, allowing authenticated DAG authors to craft it in a way that could execute arbitrary code in the scheduler context...

CVE-2024-39877

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

CVE-2024-39877

Summary: CVE-2024-39877 affects Apache Airflow 2.4.0 and all versions before 2.9.3. Affected component is the doc_md parameter that authenticated DAG authors can craft to cause arbitrary code execution in the scheduler context. This is described across multiple sources (NVD, OSV entries, GHSA adv...