CVE-2024-45498
ADVISORY - githubSummary
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.
EPSS Score: 0.01625 (0.821)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Encoding or Escaping of Output
ADVISORY - github
Improper Encoding or Escaping of Output
NIST
CREATED
UPDATED
ADVISORY IDCVE-2024-45498
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.8highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-c392-whpc-vfpr
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.7highPypA
CREATED
UPDATED
ADVISORY ID
PYSEC-2024-266
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.8highBitnami
CREATED
UPDATED
ADVISORY ID
BIT-airflow-2024-45498
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.8highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-8v9p-8j98-vh6q
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-r95c-6w6h-wgm6
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-