CVE-2020-11978 – Apache Software Foundation / Airflow – Command injection
Summary:
CVE-2020-11978 is a command injection vulnerability impacting Apache Airflow versions 1.10.10 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.
PoC Links (if available):
Packet Storm exploit –
https://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
Known Counter Measures:
Apache addressed the vulnerability in Airflow version 1.10.11.
Links to patches (if available):
https://airflow.apache.org/docs/apache-airflow/1.10.11/