How severe is CVE-2024-45498?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-45498?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2024-45498 - HIGH Severity | CVSS 8.8

Vulnerability Description

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.

Related Vulnerabilities

CVE-2013-2011

HIGH

CVSS:8.8(High)

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for...

CWE-1162013

CVE-2014-9938

HIGH

CVSS:8.8(High)

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

CWE-1162014

CVE-2018-8609

HIGH

CVSS:8.8(High)

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dy...

CWE-1162018

CVE-2020-24972

HIGH

CVSS:8.8(High)

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line op...

CWE-1162020

CVE-2020-26283

HIGH

CVSS:8.8(High)

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. ...

CWE-1162020

CVE-2021-32679

HIGH

CVSS:8.8(High)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. Wh...

CWE-1162021