CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
References
Link Resource
https://github.com/apache/airflow/pull/25960 Patch Third Party Advisory
https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/14/2 Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Information

Published : 2022-11-14 02:15

Updated : 2022-11-16 10:53


NVD link : CVE-2022-40127

Mitre link : CVE-2022-40127


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

apache

  • airflow