Remote code execution in Apache Airflow Docker's Provider
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Advisories for Pypi/Apache-Airflow-Providers-Docker package
2022