Lucene search
Veracode Vulnerability DatabaseVERACODE:38001HistoryNov 15, 2022 - 6:46 a.m.
Arbitrary Code Execution
2022-11-1506:46:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
apache airflow
arbitrary code execution
dags
vulnerability
example bash operator
run id parameter
0.371 Low
EPSS
Percentile
97.2%
apache_airflow is vulnerable to arbitrary code execution. The vulnerability exists in example DAGs of example_bash_operator.py which allows an attacker to execute arbitrary commands via the manually provided run_id parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-airflow | le | 2.3.4 | |
| apache-airflow | le | 2.3.4 |
References
www.openwall.com/lists/oss-security/2022/11/14/2
github.com/apache/airflow/commit/2bbb94897b0998c75192f97fda7f778ff709b65b
github.com/apache/airflow/pull/25960
github.com/apache/airflow/releases/tag/2.4.0
lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy
www.openwall.com/lists/oss-security/2022/11/14/2
Related
githubexploit
githubexploit
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
nuclei
nuclei
AirFlow < 2.4.0 - Remote Code Execution
2022-11-23 12:41:34
hackerone
hackerone
osv
osv
BIT-airflow-2022-40127
2024-03-06 10:57:35
PYSEC-2022-42982
2022-11-14 10:15:00
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
cnvd
cnvd
Apache Airflow code injection vulnerability
2022-11-17 00:00:00
cve
cve
CVE-2022-40127
2022-11-14 10:15:10
github
github
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
prion
prion
Design/Logic Flaw
2022-11-14 10:15:00
nvd
nvd
CVE-2022-40127
2022-11-14 10:15:10
cvelist
cvelist
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
2022-11-14 00:00:00