Apache Airflow <= 1.10.10 - 'Example Dag' Remote Code Execution CVE-2020-11978 Scanner

Details

Asset Type: DOMAIN, IP
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimated Time (seconds): 10
Apache Airflow <= 1.10.10 - 'Example Dag' Remote Code Execution CVE-2020-11978 Scanner Detail

In Apache Airflow <= 1.10.10, there is a Remote Code Execution vulnerability.

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
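The two conditions in the description above (version 1.10.10 or below, example DAGs loaded) can be checked on a deployment's own settings. The following Python check is an added example, not part of the scanner or of Airflow. The function names and sample configs are constructed for illustration, and it assumes the standard `[core]` section of airflow.cfg and the `AIRFLOW__CORE__LOAD_EXAMPLES` environment override.

```python
import configparser

LAST_AFFECTED = (1, 10, 10)  # the page: versions 1.10.10 and below are affected


def parse_version(text):
    """Turn '1.10.10' or '1.10.9rc1' into a comparable 3-tuple of ints."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    return tuple(parts + [0] * (3 - len(parts)))


def examples_loaded(cfg_text, env):
    """Resolve [core] load_examples; the environment variable overrides airflow.cfg."""
    raw = env.get("AIRFLOW__CORE__LOAD_EXAMPLES")
    if raw is None:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(cfg_text)
        # Airflow 1.10's default configuration sets load_examples = True.
        raw = parser.get("core", "load_examples", fallback="True")
    # Conservative: anything that is not an explicit false counts as enabled.
    return raw.strip().lower() not in ("false", "f", "0")


def audit(version, cfg_text, env):
    """Report whether a deployment matches the conditions the advisory describes."""
    affected = parse_version(version) <= LAST_AFFECTED
    loaded = examples_loaded(cfg_text, env)
    return {"affected_version": affected, "examples_loaded": loaded,
            "exposed": affected and loaded}


# Constructed sample inputs (not taken from any real deployment).
CFG_DEFAULT = "[core]\ndags_folder = /opt/airflow/dags\n"
CFG_HARDENED = "[core]\ndags_folder = /opt/airflow/dags\nload_examples = False\n"

if __name__ == "__main__":
    for label, cfg, env in [
        ("default config", CFG_DEFAULT, {}),
        ("hardened config", CFG_HARDENED, {}),
        ("hardened file, env override", CFG_HARDENED,
         {"AIRFLOW__CORE__LOAD_EXAMPLES": "True"}),
    ]:
        print(label, audit("1.10.10", cfg, env))
```

The third case shows why the file alone is not enough to check: an environment variable can re-enable the examples even when airflow.cfg disables them.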

Some Advice for Common Problems

You need to update to the latest version.
