What is CVE-2022-40127?

CVE-2022-40127 is a vulnerability in Apache Software Foundation Airflow, classified under Code Injection. Published 2022-11-14.

Is CVE-2022-40127 known to be exploited?

22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Software Foundation Airflow

CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Airflow — versions Apache Airflow

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

Mr-xn/CVE-2022-40127
jakabakos/CVE-2022-40127-Airflow-RCE
ARPSyndicate/cvemon
Awrrays/FrameVul
J1ezds/Vulnerability-Wiki-page
Mr-xn/Penetration_
Threekiii/Awesome-POC
XiaomingX/awesome-poc-for-red-team
bright-angel/sec-repos
cc8700619/poc

References

github.com/apache/airflow/pull/25960
lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy
[oss-security] 20221113 CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example (mailing-list)

Frequently asked questions

What is CVE-2022-40127?: CVE-2022-40127 is a vulnerability in Apache Software Foundation Airflow, classified under Code Injection. Published 2022-11-14.
Is CVE-2022-40127 known to be exploited?: 22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.