CVE-2017-15720

Summary

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow <= 1.8.2affected

Weaknesses

  • Remote code execution (RCE)

ADP Enrichment

CVE Program Container

Additional References

References