apache_airflow is vulnerable to arbitrary code execution. The vulnerability exists in the example DAG example_bash_operator.py, which allows an attacker to execute arbitrary commands via the manually provided run_id parameter.
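A defender's check for the pattern described above, as an added example (not code from the Airflow project or the advisory): it parses DAG source and reports BashOperator tasks whose bash_command templates a field chosen by whoever triggers the run. The sample DAG, the function name find_risky_bash_commands and the extra fields dag_run and params are assumptions of this example.

```python
import ast
import re

# Jinja expressions that render values chosen by whoever triggers the run.
# run_id is the field named in the advisory; dag_run and params are added
# here as related caller-supplied fields (an assumption of this example).
USER_FIELDS = re.compile(r"\{\{[^}]*\b(run_id|dag_run|params)\b[^}]*\}\}")

# Constructed sample DAG source; only parsed, never imported or executed.
SAMPLE_DAG = '''
from airflow.operators.bash import BashOperator

flagged = BashOperator(
    task_id="echo_run_id",
    bash_command='echo "run_id={{ run_id }}"',
)
dated = BashOperator(
    task_id="print_date",
    bash_command='echo "{{ ds }}"',
)
via_env = BashOperator(
    task_id="env_passed",
    bash_command='echo "run_id=$RUN_ID"',
    env={"RUN_ID": "{{ run_id }}"},
)
'''


def find_risky_bash_commands(source, filename="<dag>"):
    """Return (line, task_id, field) per BashOperator templating a user field."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        if name != "BashOperator":
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        cmd, task = kwargs.get("bash_command"), kwargs.get("task_id")
        if not (isinstance(cmd, ast.Constant) and isinstance(cmd.value, str)):
            continue  # f-strings and variables need manual review
        task_id = task.value if isinstance(task, ast.Constant) else None
        for match in USER_FIELDS.finditer(cmd.value):
            findings.append((cmd.lineno, task_id, match.group(1)))
    return findings


if __name__ == "__main__":
    for line, task_id, field in find_risky_bash_commands(SAMPLE_DAG):
        print(f"line {line}: task {task_id!r} templates {field} into bash_command")
```

The third sample task is not reported because the value is passed through the operator's templated `env` argument and referenced as a quoted shell variable, which keeps it out of the command text.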
Name | Operator | Version |
---|---|---|
apache-airflow | le | 2.3.4 |
www.openwall.com/lists/oss-security/2022/11/14/2
github.com/apache/airflow/commit/2bbb94897b0998c75192f97fda7f778ff709b65b
github.com/apache/airflow/pull/25960
github.com/apache/airflow/releases/tag/2.4.0
lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy