You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/12/26 10:00:57 UTC

[GitHub] [airflow] Vishal2696 opened a new issue, #28591: Security Vulnerability: Airflow using netcat tool. Is it possible to consume airflow without netcat?

Vishal2696 opened a new issue, #28591:
URL: https://github.com/apache/airflow/issues/28591

   ### Apache Airflow version
   
   Other Airflow 2 version (please specify below)
   
   ### What happened
   
   **Deployment Platform:** Kubernetes
   **Airflow Version:** 2.2.3
   **Executor:** Celery
   **Using Redis:** Yes (Redis running as separate pod)
   **Metadata Db:** Azure Postgres DB (PAAS)
   
   Hi team, 
   I was informed by my organization's security team that Airflow is using "netcat" tool and added that the tool increases the capabilities of a potential attacker who is trying to "live off the land". 
   
   Are the airflow maintainers already aware of this? As an end-user is it possible for me to consume an official airflow image that does not have netcat? 
   
   ### What you think should happen instead
   
   _No response_
   
   ### How to reproduce
   
   _No response_
   
   ### Operating System
   
   Linux
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Other Docker-based deployment
   
   ### Deployment details
   
   _No response_
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] uranusjr closed issue #28591: Security Vulnerability: Airflow using netcat tool. Is it possible to consume airflow without netcat?

Posted by GitBox <gi...@apache.org>.

uranusjr closed issue #28591: Security Vulnerability: Airflow using netcat tool. Is it possible to consume airflow without netcat?
URL: https://github.com/apache/airflow/issues/28591


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org