QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-45498

Back to search

CVE-2024-45498

Published: Sep 7, 2024

Modified: Nov 4, 2024

PUBLISHED

Description

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873  for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.

VendorProductVersions

Apache Software Foundation

Apache Airflow

affected
2.10.0

Weaknesses (CWE)

CWE-116

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now