CVE-2022-24288 - Apache Airflow
Critical 8.8
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
Affected software
Apache Airflow