Vulnerability: Apache Airflow <=1.10.10 - Remote Code Execution

Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use).

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.

Severity

high

Verified

Unknown