CVE-2022-40127

Published: Nov 14, 2022
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40127" target="_blank" rel="noopener"> CVE-2022-40127
GHSA: <a href="https://github.com/advisories/GHSA-6pw3-8h9w-32gc" target="_blank" rel="noopener"> GHSA-6pw3-8h9w-32gc
Severity: High
Exploit:

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.