CVE-2022-38362

Summary

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow Docker Provider < 3.0.0affected

Weaknesses

  • Remote Code Execution

Workarounds

Disable loading of example DAGs or upgrade the apache-airflow-providers-docker to 3.0.0 or above

ADP Enrichment

CVE Program Container

Additional References

References