A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
Do not enable example dags on systems that should not allow UI user to execute an arbitrary command.
References
History
Wed, 30 Apr 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-04-30T18:58:45.160Z
Reserved: 2022-09-06T00:00:00.000Z
Link: CVE-2022-40127

Updated: 2024-08-03T12:14:39.589Z

Status : Modified
Published: 2022-11-14T10:15:10.293
Modified: 2025-04-30T19:15:50.510
Link: CVE-2022-40127

No data.

No data.