CVE-2017-15720Improper Input Validation in Apache Airflow

CWE-20Improper Input Validation5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 48.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache AirflowApache Software Foundation Apache Airflow
Timeline
PublishedJan 23
Latest updateJan 25

Description

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDapache/airflow1.8.2
CVEListV5apache_software_foundation/apache_airflowApache Airflow <= 1.8.2

🔴Vulnerability Details

4
GHSA
Improper Input Validation in Apache Airflow resulting in Remote Code Execution2019-01-25
OSV
Improper Input Validation in Apache Airflow resulting in Remote Code Execution2019-01-25
CVEList
CVE-2017-15720: In Apache Airflow 12019-01-23
OSV
CVE-2017-15720: In Apache Airflow 12019-01-23
CVE-2017-15720 — Improper Input Validation in Apache | cvebase