Share:

CVE-2022-24288 - Apache Airflow

February 25, 2022

Critical 8.8

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.

Affected software

Apache Airflow

Reference links

https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.