Posted to dev@airflow.apache.org by Ash Berlin-Taylor <as...@apache.org> on 2022/08/16 13:20:48 UTC
CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag
Description:
The Apache Airflow Docker Provider shipped with an example DAG that was
vulnerable to (authenticated) remote code execution on the
Airflow worker host.
Mitigation:
Disable loading of example DAGs or upgrade
apache-airflow-providers-docker to 3.0.0 or above.
Credit:
Thanks to Kai Zhao of 3H Security Team for reporting this.
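
A check for the upgrade mitigation above, as an added example that is not part of the original advisory or of the Airflow project: it reads `pip freeze` output and reports whether apache-airflow-providers-docker is pinned below 3.0.0. The function names and the sample input are constructed for illustration.

```python
import re

PACKAGE = "apache-airflow-providers-docker"
FIXED = (3,)  # 3.0.0 with trailing zeros stripped; fixed release per the advisory

# Constructed sample of `pip freeze` output, not taken from a real host.
SAMPLE_FREEZE = """\
apache-airflow==2.3.3
Apache_Airflow.Providers-Docker==2.7.0  # non-canonical spelling of the name
apache-airflow-providers-http==4.0.0
"""

def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_', '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(version):
    """Return (release tuple without trailing zeros, is_pre_release)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    pre = re.match(r"[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)",
                   version[m.end():], re.I)
    return tuple(parts), bool(pre)

def audit(freeze_text):
    """Return (status, version); status is affected, fixed, unpinned or absent."""
    for raw in freeze_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        pin = re.match(r"===?\s*([^\s;,]+)", m.group(2))
        if not pin:
            return ("unpinned", None)  # range or URL install: inspect by hand
        release, is_pre = parse_version(pin.group(1))
        # A pre-release of 3.0.0 sorts before 3.0.0, so it is still in range.
        affected = release < FIXED or (release == FIXED and is_pre)
        return ("affected" if affected else "fixed", pin.group(1))
    return ("absent", None)

if __name__ == "__main__":
    print(audit(SAMPLE_FREEZE))
```

Run it against the `pip freeze` output of the environment the Airflow workers use; an "unpinned" result means the installed version has to be confirmed another way.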