Platform: python
Component: apache-airflow
Fixed version: 2.9.3
CVE-2024-39877 is a remote code execution (RCE) vulnerability affecting Apache Airflow versions from 2.4.0 up to and including 2.9.3rc1. It allows an authenticated DAG author to craft a malicious doc_md parameter that leads to arbitrary code execution in the context of the Airflow scheduler, bypassing the restrictions of the Airflow security model. Affected users should upgrade immediately to version 2.9.3 or later, which addresses this critical flaw.
The impact of CVE-2024-39877 is severe. A successful exploit allows an attacker, posing as an authenticated DAG author, to execute arbitrary code on the Airflow scheduler. This grants the attacker complete control over the scheduler's processes, potentially leading to data breaches, system compromise, and disruption of Airflow workflows. The attacker could steal sensitive data processed by Airflow, modify DAGs to execute malicious tasks, or even pivot to other systems within the network if the scheduler has access to them. This vulnerability is particularly concerning given Airflow's common use in data pipelines handling sensitive information.
CVE-2024-39877 was publicly disclosed on July 17, 2024. While no active exploitation campaigns have been publicly confirmed as of this writing, the ease of exploitation and the potential impact make it a high-priority vulnerability. It is not currently listed on the CISA KEV catalog. Public proof-of-concept code is likely to emerge, increasing the risk of exploitation.
Organizations heavily reliant on Apache Airflow for data orchestration and ETL processes are at significant risk. Specifically, teams with less stringent access controls for DAG authors, or those using Airflow in environments with sensitive data, are particularly vulnerable. Shared hosting environments where multiple users can create and deploy DAGs also increase the risk surface.
• python: Monitor Airflow logs for unusual process executions or errors related to DAG parsing.
```python
import logging

# Route error-level events to a file that can be reviewed for DAG-parse failures
# and other unexpected errors raised while the scheduler processes DAG files.
logging.basicConfig(filename='airflow.log', level=logging.ERROR)
# Monitor the resulting log for suspicious code execution attempts.
```
• python: Check for modified DAG files with suspicious doc_md parameters.
```python
# Example: flag DAG files that set doc_md so their contents can be reviewed
# for unusual characters or non-literal values
with open('my_dag.py', 'r') as f:
    content = f.read()
if 'doc_md=' in content:
    print('doc_md parameter found: review its contents for suspicious input')
```
• generic web: Examine Airflow web server access logs for requests containing unusual or encoded characters in the doc_md parameter. Look for patterns indicative of code injection attempts.
disclosure
Exploitation status
EPSS: 0.10% (27th percentile)
CVSS vector
The primary mitigation for CVE-2024-39877 is to upgrade Apache Airflow to version 2.9.3 or later. This version includes a fix that prevents malicious crafting of the doc_md parameter. If an immediate upgrade is not feasible, consider implementing stricter input validation on the doc_md parameter to sanitize potentially harmful content. While not a complete solution, this reduces the attack surface. Review and audit existing DAGs for any suspicious code or unusual parameter usage. After upgrading, verify the fix by attempting to create a DAG with a crafted doc_md parameter and confirming that it is properly sanitized and does not result in code execution.
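The detection checks above and the recommendation to audit existing DAGs both come down to finding doc_md values that deserve a closer look. The following audit script is an added example, not code from this advisory or from the Airflow project: it parses DAG files with Python's `ast` module and reports every doc_md keyword argument or `.doc_md` attribute assignment that is either not a plain string literal (f-strings, calls, variables) or, as a heuristic assumption, contains Jinja-style template delimiters. The sample DAG source and file name are constructed for the demonstration.

```python
import ast
import re
from typing import Optional

# Heuristic (assumption): documentation should be a plain string literal, so any
# Jinja-style delimiter or runtime-computed value in doc_md is worth a manual review.
TEMPLATE_MARKUP = re.compile(r"\{\{|\{%|\{#")


def _reason_for(value: ast.expr) -> Optional[str]:
    """Return why a doc_md value merits review, or None if it looks benign."""
    if isinstance(value, ast.Constant) and isinstance(value.value, str):
        return "contains template markup" if TEMPLATE_MARKUP.search(value.value) else None
    # f-strings, calls such as open(...).read(), names: all computed at DAG-parse time.
    return f"non-literal value ({type(value).__name__})"


def audit_doc_md(source: str, filename: str = "<dag>") -> list:
    """Parse one DAG file and list every doc_md assignment that merits review."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):          # DAG(..., doc_md=...), operators, @dag(...)
            for kw in node.keywords:
                if kw.arg == "doc_md" and (reason := _reason_for(kw.value)):
                    findings.append({"file": filename, "line": kw.value.lineno, "reason": reason})
        elif isinstance(node, ast.Assign):      # dag.doc_md = ... / task.doc_md = ...
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == "doc_md":
                    reason = _reason_for(node.value)
                    if reason:
                        findings.append({"file": filename, "line": node.lineno, "reason": reason})
    return sorted(findings, key=lambda f: f["line"])


# Constructed sample DAG file (not a real pipeline): one benign doc_md, three to review.
SAMPLE_DAG = '''
from airflow import DAG
from airflow.operators.bash import BashOperator

with DAG("etl_daily", doc_md="## Daily ETL\\nLoads yesterday's partitions.") as dag:
    t1 = BashOperator(task_id="extract", bash_command="echo extract",
                      doc_md="Extract step for {{ ds }}")
    t2 = BashOperator(task_id="load", bash_command="echo load",
                      doc_md=open("/tmp/notes.md").read())
    t2.doc_md = f"Load step for {dag.dag_id}"
'''

if __name__ == "__main__":
    for finding in audit_doc_md(SAMPLE_DAG, "etl_daily.py"):
        print(f"{finding['file']}:{finding['line']}: doc_md {finding['reason']}")
```

Run it over the DAGs folder before and after the upgrade; findings are review items, not confirmed exploitation, since legitimate DAGs may build documentation dynamically.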
Update Apache Airflow to version 2.9.3 or later. This version fixes the vulnerability that allows arbitrary code execution. The update can be performed via pip or your preferred installation method.
CVE-2024-39877 is a remote code execution vulnerability in Apache Airflow versions 2.4.0 through 2.9.3rc1. It allows authenticated DAG authors to execute arbitrary code on the scheduler.
You are affected if you are running Apache Airflow versions 2.4.0 through 2.9.3rc1. Upgrade to 2.9.3 or later to mitigate the risk.
The recommended fix is to upgrade Apache Airflow to version 2.9.3 or later. As a temporary workaround, implement stricter input validation on the doc_md parameter.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks.
Refer to the Apache Airflow security page for the latest information and advisory: https://airflow.apache.org/security