High severityNVD Advisory· Published Feb 25, 2022· Updated Aug 3, 2024
Apache Airflow: RCE in example DAGs
CVE-2022-24288
Description
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflowPyPI | < 2.2.4 | 2.2.4 |
Affected products
3- osv-coords2 versions
< 2.2.4+ 1 more
- (no CPE)range: < 2.2.4
- (no CPE)range: < 2.2.4
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.