Apache Airflow Remote Code Execution Vulnerability (CVE-2022-40127)

novembro 22, 2022

Overview On November 21, NSFOCUS CERT discovered on Internet a PoC of a remote code execution vulnerability (CVE-2022-40127) in Apache Airflow. Due to the flaw in Example Dags in Apache Airflow, an attacker with UI access rights can use this vulnerability to trigger Dags, and then by manually providing the run_id parameter, attacker can execute […]


Inscreva-se no Blog da NSFOCUS