{"uuid": "b6e90f2e-c54b-4c64-a708-1525d61ca0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40127", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40127\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T18:58:45.160Z\n\ud83d\udd17 References:\n1. https://github.com/apache/airflow/pull/25960\n2. https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy\n3. http://www.openwall.com/lists/oss-security/2022/11/14/2", "creation_timestamp": "2025-04-30T19:13:45.000000Z"}