EDB-49927webappsmultiple

Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution

Pepe Berba6/2/2021

View on Exploit-DB View Source on GitLab

AI AnalysisPowered by AI

Exploit Code

Exploit code not available in database

View Source on GitLab

Related CVEs (2)

CVE-2020-13927

9.8CRITICAL

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the de

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the de...

11/10/2020CWE-306, CWE-1188 +3

CVE-2020-11978

8.8HIGH

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any auth

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any auth...

7/17/2020CWE-78, CWE-78