CVE-2023-22884

Improper Neutralization of Special Elements used in a Command ('Command Injection') in pypi/apache-airflow

Identifiers

CVE-2023-22884, GHSA-c732-xvv8-g94c

Package Slug

pypi/apache-airflow

Vulnerability

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Affected Versions

All versions before 2.5.1

Solution

Upgrade to version 2.5.1 or above.

Last Modified

2023-01-31

source