Описание
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| airflow | itp | package |
Связанные уязвимости
CVSS3: 5.4
nvd
3 месяца назад
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
CVSS3: 5.4
github
3 месяца назад
Apache Airflow `/api/v2/dagReports` executes DAG Python in API