Description
The Apache Airflow Docker provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code execution on the Airflow worker host.
References (2)
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb
Third Party Advisory, mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/08/16/1
Scores
CVSS v3
8.8
EPSS
0.0071
EPSS Percentile
72.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
apache/apache-airflow-providers-docker
< 3.0.0
pypi/apache-airflow-providers-docker
0 - 3.0.0 (PyPI)
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026