Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.
References
Configurations
No configuration.
History
04 Nov 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Sep 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-07 08:15
Updated : 2024-11-04 17:35
NVD link : CVE-2024-45498
Mitre link : CVE-2024-45498
CVE.ORG link : CVE-2024-45498
JSON object : View
Products Affected
No product.
CWE
CWE-116
Improper Encoding or Escaping of Output