CVE-2022-40127

Improper Control of Generation of Code ('Code Injection') in pypi/apache-airflow

Identifiers

CVE-2022-40127

Package Slug

pypi/apache-airflow

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter.

Affected Versions

All versions before 2.4.0

Solution

Upgrade to version 2.4.0 or above.

Last Modified

2022-11-18
