GHSA-746v-hfh2-xphm

Опубликовано: 17 авг. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Remote code execution in Apache Airflow Docker's Provider

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.

Ссылки

Пакеты

Наименование

apache-airflow-providers-docker

pip

Затронутые версииВерсия исправления

< 3.0.0

3.0.0

EPSS

Процентиль: 73%

0.00757

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-38362

Связанные уязвимости

CVE-2022-38362

CVSS3: 8.8

nvd

больше 3 лет назад

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

CVE-2022-38362

CVSS3: 8.8

debian

больше 3 лет назад

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...

EPSS

Процентиль: 73%

0.00757

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-38362