Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 04 Jun 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:apache:airflow:2.10.0:-:*:*:*:*:*:* |
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 04 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache airflow |
|
CPEs | cpe:2.3:a:apache:airflow:2.10.0:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache airflow |
|
References |
|
|
Metrics |
cvssV3_1
|
Mon, 09 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Sat, 07 Sep 2024 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. | |
Title | Apache Airflow: Command Injection in an example DAG | |
Weaknesses | CWE-116 | |
References |
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-11-04T16:24:53.972Z
Reserved: 2024-08-30T12:52:06.199Z
Link: CVE-2024-45498

Updated: 2024-09-07T08:03:14.894Z

Status : Analyzed
Published: 2024-09-07T08:15:11.407
Modified: 2025-06-03T21:12:43.280
Link: CVE-2024-45498

No data.

No data.