Lucene search
Veracode Vulnerability DatabaseVERACODE:36725HistoryAug 17, 2022 - 4:35 a.m.
Remote Code Execution (RCE)
2022-08-1704:35:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
remote code execution
apache-airflow
vulnerability
context manager
malicious code
software
EPSS
0.001
Percentile
34.0%
apache-airflow is vulnerable to remote code execution. The vulnerability exists because the library does not properly clean up the example dags when using context manager, allowing an attacker to inject and execute malicious code on the airflow worker host.
References
www.openwall.com/lists/oss-security/2022/08/16/1
github.com/advisories/GHSA-746v-hfh2-xphm
github.com/apache/airflow/commit/56fd04016f1a8561f1c02e7f756bab8805c05876
github.com/apache/airflow/pull/24007
lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb
www.openwall.com/lists/oss-security/2022/08/16/1
Related
cvelist
cvelist
CVE-2022-38362 Docker Provider <3.0 RCE vulnerability in example dag
2022-08-16 14:10:09
osv
osv
Remote code execution in Apache Airflow Docker's Provider
2022-08-17 00:00:21
cnvd
cnvd
Apache Airflow Remote Code Execution Vulnerability (CNVD-2022-59057)
2022-08-19 00:00:00
hackerone
hackerone
github
github
Remote code execution in Apache Airflow Docker's Provider
2022-08-17 00:00:21
cve
cve
CVE-2022-38362
2022-08-16 14:15:08
nvd
nvd
CVE-2022-38362
2022-08-16 14:15:08
prion
prion
Design/Logic Flaw
2022-08-16 14:15:00