CNNVD-202510-4241 Information

CNNVD ID

CNNVD-202510-4241

Related CVE

CVE-2025-62402

• CNNVD Published: 2025-10-30

Description (Chinese)

Apache Airflow是美国阿帕奇（Apache）基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow存在安全漏洞，该漏洞源于/api/v2/dagReports接口允许在api-server环境中执行Dag代码，可能导致远程代码执行。

Description (English)

Apache Airflow is an open-source platform for the Apache Foundation in the United States with the function of creating, managing and monitoring workflows. The platform has such characteristics as scalable and dynamic monitoring. There is a security loophole in Apache Airflow, which stems from the /api/v2/dagReports interface allowing the implementation of Dag code in api-server environment, which may result in remote code implementation.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-30

Last Modified

2026-02-24

References

https://lists.apache.org/thread/vbzxnxn031wb998hsd7vqnvh4z8nx6rs http://www.openwall.com/lists/oss-security/2025/10/29/7

Patch

https://lists.apache.org/thread/vbzxnxn031wb998hsd7vqnvh4z8nx6rs