Apache Airflow Remote Code Execution Vulnerability (CVE-2022-40127)
November 22, 2022
Overview On November 21, NSFOCUS CERT discovered on Internet a PoC of a remote code execution vulnerability (CVE-2022-40127) in Apache Airflow. Due to the flaw in Example Dags in Apache Airflow, an attacker with UI access rights can use this vulnerability to trigger Dags, and then by manually providing the run_id parameter, attacker can execute […]
