mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 15:15:46 +02:00
CVE-2020-11978
Description
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
POC
Reference
- http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html
Github
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Z0fhack/Goby_POC
- https://github.com/bad-sector-labs/ansible-role-vulhub
- https://github.com/badsectorlabs/ludus_vulhub
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/n1sh1th/CVE-POC
- https://github.com/navyaks55/Vulnerability_Exploitation
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pberba/CVE-2020-11978
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/soosmile/POC
- https://github.com/t0m4too/t0m4to