Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.

N/A

对生成代码的控制不恰当(代码注入)

Apache Airflow 安全漏洞

Apache Airflow是美国阿帕奇（Apache）基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2 2.11.1之前版本存在安全漏洞，该漏洞源于DAG作者可通过操纵数据库在Web服务器环境中执行任意代码，可能导致远程代码执行。

N/A

N/A