Severity: low

Description:

A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.

Mitigation:

Do not enable example DAGs on systems that should not allow a UI user to execute arbitrary commands.

Credit:

Apache Airflow PMC would like to thank L3yx of Syclover Security Team.

References:

https://github.com/apache/airflow/pull/25960
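
A check for the mitigation above, as an added example that is not part of the advisory or of the Airflow project's code: it reports whether a deployment is below 2.4.0 with example DAGs still loaded. It assumes the standard [core] load_examples option and its AIRFLOW__CORE__LOAD_EXAMPLES environment override; the function names and sample inputs are constructed for illustration.

```python
import configparser

TRUE, FALSE = {"t", "true", "1"}, {"f", "false", "0"}
FIXED = (2, 4, 0)  # first unaffected release, per the advisory


def load_examples_enabled(cfg_text, environ):
    """Effective [core] load_examples; the environment variable beats airflow.cfg."""
    raw = environ.get("AIRFLOW__CORE__LOAD_EXAMPLES")
    if raw is None:
        parser = configparser.ConfigParser(interpolation=None)  # cfg values may contain '%'
        parser.read_string(cfg_text)
        # Airflow loads the example DAGs by default when the option is unset.
        raw = parser.get("core", "load_examples", fallback="True")
    val = raw.split("#")[0].strip().lower()  # drop a trailing inline comment
    if val in TRUE:
        return True
    if val in FALSE:
        return False
    raise ValueError(f"unparseable load_examples value: {raw!r}")


def parse_version(version):
    """Turn a release string such as '2.3.4' into a comparable 3-tuple."""
    parts = []
    for piece in version.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    return tuple(parts + [0] * (3 - len(parts)))


def exposed(version, cfg_text, environ):
    """True when the advisory applies: affected version with example DAGs loaded."""
    return parse_version(version) < FIXED and load_examples_enabled(cfg_text, environ)


if __name__ == "__main__":
    sample_cfg = "[core]\nload_examples = True\n"  # constructed sample, not a real deployment
    print(exposed("2.3.4", sample_cfg, {}))
    print(exposed("2.3.4", sample_cfg, {"AIRFLOW__CORE__LOAD_EXAMPLES": "False"}))
```

In a real audit, pass the contents of the deployment's airflow.cfg and the environment of the scheduler and webserver processes, since the override may be set for one and not the other.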