Lucene search
China National Vulnerability DatabaseCNVD-2022-83589HistoryNov 24, 2022 - 12:00 a.m.
Apache Airflow OS Command Injection Vulnerability (CNVD-2022-83589)
2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
apache airflow
os command injection
vulnerability
apache foundation
task execution
dag file
0.007 Low
EPSS
Percentile
79.8%
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow suffers from an operating system command injection vulnerability that stems from an improper neutralization of a particular element of an operating system command, which can be exploited by an attacker to execute commands in the context of a task execution without write access to the DAG file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache airflow | lt | 4.0.0 |
Related
cvelist
cvelist
CVE-2022-40189 Apache Airlfow Pig Provider RCE
2022-11-22 00:00:00
cve
cve
CVE-2022-40189
2022-11-22 10:15:16
osv
osv
OS Command Injection in Apache Airflow
2022-11-22 12:30:22
CVE-2022-40189
2022-11-22 10:15:16
BIT-airflow-2022-40189
2024-03-06 10:57:25
nvd
nvd
CVE-2022-40189
2022-11-22 10:15:16
prion
prion
Command injection
2022-11-22 10:15:00
veracode
veracode
OS Command Injection
2022-11-23 09:21:12
github
github
OS Command Injection in Apache Airflow
2022-11-22 12:30:22