CVE-2022-40127
pypi/apache-airflow
Improper Control of Generation of Code ('Code Injection')
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter.
All versions before 2.4.0
Upgrade to version 2.4.0 or above.
2022-11-18
source |