GSA_kwCzR0hTQS02cHczLThoOXctMzJnY84AAv2i

High CVSS: 8.7 EPSS: 0.93845% (0.99854 Percentile) EPSS:

Permalink JSON

Apache Airflow vulnerable to OS Command Injection via example DAGs

Affected Packages	Affected Versions	Fixed Versions
pypi:apache-airflow PURL: `pkg:pypi/apache-airflow`	< 2.4.0	2.4.0
314 Dependent packages 1,554 Dependent repositories 14,825,950 Downloads last month Affected Version Ranges All affected versions 1.8.1, 1.8.2, 1.8.2rc1, 1.9.0, 1.10.0, 1.10.1, 1.10.1b1, 1.10.1rc2, 1.10.2, 1.10.2b2, 1.10.2rc1, 1.10.2rc2, 1.10.2rc3, 1.10.3, 1.10.3b1, 1.10.3b2, 1.10.3rc1, 1.10.3rc2, 1.10.4, 1.10.4b2, 1.10.4rc1, 1.10.4rc2, 1.10.4rc3, 1.10.4rc4, 1.10.4rc5, 1.10.5, 1.10.5rc1, 1.10.6, 1.10.6rc1, 1.10.6rc2, 1.10.7, 1.10.7rc1, 1.10.7rc2, 1.10.7rc3, 1.10.8, 1.10.8rc1, 1.10.9, 1.10.9rc1, 1.10.10, 1.10.10rc1, 1.10.10rc2, 1.10.10rc3, 1.10.10rc4, 1.10.10rc5, 1.10.11, 1.10.11rc1, 1.10.11rc2, 1.10.12, 1.10.12rc1, 1.10.12rc2, 1.10.12rc3, 1.10.12rc4, 1.10.13, 1.10.13rc1, 1.10.14, 1.10.14rc1, 1.10.14rc2, 1.10.14rc3, 1.10.14rc4, 1.10.15, 1.10.15rc1, 2.0.0, 2.0.0b1, 2.0.0b2, 2.0.0b3, 2.0.0rc1, 2.0.0rc2, 2.0.0rc3, 2.0.1, 2.0.1rc1, 2.0.1rc2, 2.0.2, 2.0.2rc1, 2.1.0, 2.1.0rc1, 2.1.0rc2, 2.1.1, 2.1.1rc1, 2.1.2, 2.1.2rc1, 2.1.3, 2.1.3rc1, 2.1.4, 2.1.4rc1, 2.1.4rc2, 2.2.0, 2.2.0b1, 2.2.0b2, 2.2.0rc1, 2.2.1, 2.2.1rc1, 2.2.1rc2, 2.2.2, 2.2.2rc1, 2.2.2rc2, 2.2.3, 2.2.3rc1, 2.2.3rc2, 2.2.4, 2.2.4rc1, 2.2.5, 2.2.5rc1, 2.2.5rc2, 2.2.5rc3, 2.3.0, 2.3.0b1, 2.3.0rc1, 2.3.0rc2, 2.3.1, 2.3.1rc1, 2.3.2, 2.3.2rc1, 2.3.2rc2, 2.3.3, 2.3.3rc1, 2.3.3rc2, 2.3.3rc3, 2.3.4, 2.3.4rc1 All unaffected versions 2.4.0, 2.4.0b1, 2.4.0rc1, 2.4.1, 2.4.1rc1, 2.4.2, 2.4.2rc1, 2.4.3, 2.4.3rc1, 2.5.0, 2.5.0rc1, 2.5.0rc2, 2.5.0rc3, 2.5.1, 2.5.1rc1, 2.5.1rc2, 2.5.2, 2.5.2rc1, 2.5.2rc2, 2.5.3, 2.5.3rc1, 2.5.3rc2, 2.6.0, 2.6.0b1, 2.6.0rc1, 2.6.0rc2, 2.6.0rc3, 2.6.0rc4, 2.6.0rc5, 2.6.1, 2.6.1rc1, 2.6.1rc2, 2.6.1rc3, 2.6.2, 2.6.2rc1, 2.6.2rc2, 2.6.3, 2.6.3rc1, 2.7.0, 2.7.0b1, 2.7.0rc1, 2.7.0rc2, 2.7.1, 2.7.1rc1, 2.7.1rc2, 2.7.2, 2.7.2rc1, 2.7.3, 2.7.3rc1, 2.8.0, 2.8.0b1, 2.8.0rc1, 2.8.0rc2, 2.8.0rc3, 2.8.0rc4, 2.8.1, 2.8.1rc1, 2.8.2, 2.8.2rc1, 2.8.2rc2, 2.8.2rc3, 2.8.3, 2.8.3rc1, 2.8.4, 2.8.4rc1, 2.9.0, 2.9.0b1, 2.9.0b2, 2.9.0rc1, 2.9.0rc2, 2.9.0rc3, 2.9.1, 2.9.1rc1, 2.9.1rc2, 2.9.2, 2.9.2rc1, 2.9.3, 2.9.3rc1, 2.10.0, 2.10.0b1, 2.10.0b2, 2.10.0rc1, 2.10.1, 2.10.1rc1, 2.10.2, 2.10.2rc1, 2.10.3, 2.10.3rc1, 2.10.3rc2, 2.10.4, 2.10.4rc1, 2.10.5, 2.10.5rc1, 2.11.0, 2.11.0rc1, 3.0.0, 3.0.0b4, 3.0.0rc1, 3.0.0rc1.post1, 3.0.0rc1.post2, 3.0.0rc1.post3, 3.0.0rc1.post4, 3.0.0rc2, 3.0.0rc3, 3.0.0rc4, 3.0.1, 3.0.1a1, 3.0.1a2, 3.0.1rc1, 3.0.2, 3.0.2rc1, 3.0.2rc2, 3.0.3, 3.0.3rc1, 3.0.3rc2, 3.0.3rc3, 3.0.3rc4, 3.0.3rc5, 3.0.3rc6, 3.0.4, 3.0.4rc1, 3.0.4rc2, 3.0.5, 3.0.5rc1, 3.0.5rc2, 3.0.5rc3, 3.0.6, 3.0.6rc1, 3.0.6rc2, 3.1.0, 3.1.0b1, 3.1.0b2, 3.1.0rc1, 3.1.0rc2, 3.1.1, 3.1.1rc1, 3.1.1rc2, 3.1.2, 3.1.2rc1, 3.1.2rc2, 3.1.3, 3.1.3rc1, 3.1.4rc1, 3.1.4rc2

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.

References:

Identifiers

GHSA-6pw3-8h9w-32gc

CVE-2022-40127

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.93845

EPSS Percentile: 0.99854

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/airflow

Date and time

Published

about 3 years ago

Updated

7 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories