CVE-2022-40127 Information
Nov 15, 2022
cve
Description
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Reference
https://github.com/apache/airflow/pull/25960 https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy http://www.openwall.com/lists/oss-security/2022/11/14/2
Share on: