Posted to dev@airflow.apache.org by Ash Berlin-Taylor <as...@apache.org> on 2022/08/16 13:20:48 UTC

CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag

Description:

The Apache Airflow Docker Provider shipped with an example DAG that was 
vulnerable to (authenticated) remote code execution on the 
Airflow worker host.


Mitigation:

Disable loading of example DAGs, or upgrade 
apache-airflow-providers-docker to 3.0.0 or above.

Credit:

Thanks to Kai Zhao of 3H Security Team for reporting this.
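
To check a host against the affected range stated above, this added example (not part of the original advisory or of Airflow) classifies a provider version string and the locally installed package. The status names and the conservative treatment of 3.0.0 pre-releases as unfixed are assumptions of the example.

```python
import re
from importlib import metadata

PACKAGE = "apache-airflow-providers-docker"
FIXED = (3, 0, 0)  # first fixed release according to the advisory

# Numeric release segment, then an optional pre-release/dev marker.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)((?:a|b|rc|\.?dev)\d*)?", re.I)


def classify(version):
    """Return 'not-installed', 'vulnerable', 'fixed' or 'unknown'."""
    if version is None:
        return "not-installed"
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"
    # Compare numerically: a string comparison would rank "10.0.0" below "3.0.0".
    release = tuple(int(part) for part in m.group(1).split("."))
    release += (0,) * (3 - len(release))
    prerelease = bool(m.group(2))
    # Assumption: 3.0.0rc1 and similar sort before 3.0.0, so they do not
    # count as "3.0.0 or above".
    if release < FIXED or (release == FIXED and prerelease):
        return "vulnerable"
    return "fixed"


def installed_status():
    """Classify the provider version installed in this Python environment."""
    try:
        return classify(metadata.version(PACKAGE))
    except metadata.PackageNotFoundError:
        return "not-installed"


if __name__ == "__main__":
    print(PACKAGE, installed_status())
```

Run it with the same interpreter the Airflow workers use. It covers only the upgrade mitigation and does not inspect whether example DAGs are loaded.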