CVE-2022-40127

HIGH NUCLEI LAB

Apache Airflow < 2.4.0 - Code Injection

Title source: rule

Description

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.

Exploits (2)

nomisec WORKING POC 41 stars

by Mr-xn · poc

https://github.com/Mr-xn/CVE-2022-40127

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by jakabakos · poc

https://github.com/jakabakos/CVE-2022-40127-Airflow-RCE

View Code ZIP pw:eip

Nuclei Templates (1)

AirFlow < 2.4.0 - Remote Code Execution

HIGHVERIFIEDby DhiyaneshDk,ritikchaddha

Shodan:

title:"Sign In - Airflow" || http.title:"airflow - dags" || http.html:"apache airflow" || http.title:"sign in - airflow" || product:"redis"

FOFA: title="sign in - airflow" || apache airflow || title="airflow - dags" || http.html:"apache airflow"

References (3)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/11/14/2

[Patch, Third Party Advisory] https://github.com/apache/airflow/pull/25960

[Mailing List, Third Party Advisory] https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy

Scores

CVSS v3 8.8

EPSS 0.9331

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull postgres:13

docker pull redis:latest

https://github.com/Mr-xn/CVE-2022-40127

https://github.com/jakabakos/CVE-2022-40127-Airflow-RCE

View in Library

Details

CWE

CWE-94

Status published

Products (2)

apache/airflow < 2.4.0

pypi/apache-airflow 0 - 2.4.0PyPI

Published Nov 14, 2022

Tracked Since Feb 18, 2026