Arbitrary Code Execution Affecting airflow package, versions [0.1,]

Snyk CVSS

Attack Complexity High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-AIRFLOW-40619
published 8 Mar 2017
disclosed 8 Mar 2017
credit Rui Wang

Report a new vulnerability Found a mistake?

Introduced: 8 Mar 2017

CWE-94 Open this link in a new tab

Overview

airflow is a Programmatically author, schedule and monitor data pipelines.

Affected versions of this package are vulnerable to Arbitrary Code Execution. Anyone able to modify the application's underlying database, or a computer where certain DAG tasks are executed, may execute arbitrary code on the Airflow host.

References

Jira Issue
GitHub PR