High severityNVD Advisory· Published Aug 16, 2022· Updated Aug 3, 2024
Docker Provider <3.0 RCE vulnerability in example dag
CVE-2022-38362
Description
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflow-providers-dockerPyPI | < 3.0.0 | 3.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-746v-hfh2-xphmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-38362ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/08/16/1ghsamailing-listx_refsource_MLISTWEB
- lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkbghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.