CVE-2024-45498
CVSS V2 None
CVSS V3 None
Description
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.
Overview
- CVE ID
- CVE-2024-45498
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-07T07:43:43.899Z
- Last Modified Date
- 2024-09-07T08:03:14.894Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/apache/airflow/pull/41873 | patch |
| https://lists.apache.org/thread/tl7lzczcqdmqj2pcpbvtjdpd2tb9561n | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-45498 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45498 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-09-08 13:07:00 | Added to TrackCVE |