CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
References
Link Resource
https://github.com/apache/airflow/pull/25960 Patch Third Party Advisory
https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/14/2 Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Information

Published : 2022-11-14 10:15

Updated : 2022-11-16 06:53


NVD link : CVE-2022-40127

Mitre link : CVE-2022-40127

Products Affected
CWE