oss-sec mailing list archives
CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag
From: Ash Berlin-Taylor <ash () apache org>
Date: Tue, 16 Aug 2022 14:20:50 +0100
Description:Apache Airflow Docker's Provider shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Mitigation:Disable loading of example DAGs or upgrade the apache-airflow-providers-docker to 3.0.0 or above
Credit: Thanks to Kai Zhao of 3H Secruity Team for reporting this
Current thread:
- CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag Ash Berlin-Taylor (Aug 16)