CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Information

Published : 2020-07-16 17:15

Updated : 2022-07-12 10:42


NVD link : CVE-2020-11978

Mitre link : CVE-2020-11978


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

apache

  • airflow