In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Airflow <= 1.8.2"
}
]
}
]