CNNVD-202512-3293 Information
CNNVD ID
CNNVD-202512-3293
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Apache Airflow是美国阿帕奇(Apache)基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow存在安全漏洞,该漏洞源于Dag作者可在Web服务器环境中执行远程代码,可能导致远程代码执行。
Description (English)
Apache Airflow is an open-source platform for the Apache Foundation in the United States with the function of creating, managing and monitoring workflows. The platform has such characteristics as scalable and dynamic monitoring. There is a security gap in Apache Airflow, which stems from the fact that Dag author can implement remote code in the Web server environment, which may result in remote code implementation.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/apache/airflow/pull/59143 https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs http://www.openwall.com/lists/oss-security/2025/12/16/3
Patch
https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs
Share on: