A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-11-14T00:00:00
Updated: 2024-08-03T12:14:39.589Z
Reserved: 2022-09-06T00:00:00
Link: CVE-2022-40127
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-14T10:15:10.293
Modified: 2024-11-21T07:20:55.030
Link: CVE-2022-40127
Redhat
No data.