漏洞描述
Apache 2.2.4版之前的版本容易受到OS命令注入攻击,因为一些示例DAG没有正确清理用户提供的参数,使它们容易受到来自web UI的OS命令注入的影响。
Apache Airflow 系统命令注入(CVE-2022-24288)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-17526: Apache Airflow <1.10.14 - Authentication Bypass POC
2025-09-01 | Apache AirflowApache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect sessio... -
CVE-2020-11978: Apache Airflow <=1.10.10 - Remote Code Execution POC
2025-08-01 | Apache AirflowApache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabil... -
CVE-2020-17526: Apache Airflow <1.10.14 - Authentication Bypass POC
2025-08-01 | Apache AirflowApache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect sessio... -
Webmin /package-updates/update.cgi 命令执行漏洞(CVE-2022-36446) 无POC
2025-09-05 | WebminWebmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.997之前的版本存在安全漏洞,该漏洞源于其software/apt-lib.pl组件缺少对U... -
CVE-2022-0342: Zyxel authentication bypass patch analysis POC
2025-09-01 | ZyxelAn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio...