Do your applications use this vulnerable package?
Test your applications
Overview
airflow
is a Programmatically author, schedule and monitor data pipelines.
Affected versions of this package are vulnerable to Arbitrary Code Execution. User input is sent unchecked to the the python eval
function which directly executes the parameters. Any user who can create or edit charts may execute arbitrary code on the server.
References
CVSS Score
7.3
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityLow
-
AvailabilityLow
- Credit
- Unknown
- CWE
- CWE-94
- Snyk ID
- SNYK-PYTHON-AIRFLOW-40616
- Disclosed
- 03 Mar, 2017
- Published
- 03 Mar, 2017