CVE-2022-24288

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
25/02/2022
Last modified:
04/03/2022

Description

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* 2.2.4 (excluding)


References to Advisories, Solutions, and Tools