{"uuid": "018916b1-5f8d-4c2c-8ea6-d19b0b6e0b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11978", "type": "seen", "source": "https://t.me/arpsyndicate/985", "content": "#ExploitObserverAlert\n\nCVE-2020-11978\n\nDESCRIPTION: Exploit Observer has 27 entries related to CVE-2020-11978. An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.\n\nFIRST-EPSS: 0.971560000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-03T17:10:17.000000Z"}