CVE-2017-15720 – apache-airflow

Package

Manager: pip
Name: apache-airflow
Vulnerable Version: >=0 <1.9.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00364 pctl0.5769

Details

Improper Input Validation in Apache Airflow resulting in Remote Code Execution In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

Metadata

Created: 2019-01-25T16:19:01Z
Modified: 2024-09-09T21:31:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-8fg4-j562-mjrc/GHSA-8fg4-j562-mjrc.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-8fg4-j562-mjrc
Finding: F184
Auto approve: 1