GHSA-746v-hfh2-xphm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-746v-hfh2-xphm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-746v-hfh2-xphm/GHSA-746v-hfh2-xphm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-746v-hfh2-xphm
- Aliases
- Published
- 2022-08-17T00:00:21Z
- Modified
- 2024-12-06T05:29:25.232962Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Remote code execution in Apache Airflow Docker's Provider
- Details
-
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2022-08-16T14:15:00Z", "cwe_ids": [], "github_reviewed_at": "2023-04-13T17:53:42Z", "severity": "HIGH" }- References
Affected packages
PyPI / apache-airflow-providers-docker
Package
- Name
- apache-airflow-providers-docker
- View open source insights on deps.dev
- Purl
- pkg:pypi/apache-airflow-providers-docker
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.0
Affected versions
1.*
1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.0.1rc1
1.0.1
1.0.2rc1
1.0.2
1.1.0rc1
1.1.0
1.2.0rc1
1.2.0
2.*
2.0.0rc1
2.0.0rc2
2.0.0
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.2.0rc1
2.2.0
2.3.0rc1
2.3.0
2.4.0rc1
2.4.0
2.4.1rc1
2.4.1rc2
2.4.1
2.5.0rc1
2.5.0
2.5.1rc1
2.5.1
2.5.2rc1
2.5.2
2.6.0rc1
2.6.0
2.7.0rc1
2.7.0
3.*
3.0.0rc1
3.0.0rc2