{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T21:07:18.056","vulnerabilities":[{"cve":{"id":"CVE-2024-45498","sourceIdentifier":"security@apache.org","published":"2024-09-07T08:15:11.407","lastModified":"2025-06-03T21:12:43.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see  https://github.com/apache/airflow/pull/41873  for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later."},{"lang":"es","value":"Ejemplo de DAG: example_inlet_event_extra.py incluido con Apache Airflow versión 2.10.0 tiene una vulnerabilidad que permite que un atacante autenticado con solo permiso de activación de DAG ejecute comandos arbitrarios. Si utilizó ese ejemplo como base de sus DAG, revise si no ha copiado el ejemplo peligroso; consulte https://github.com/apache/airflow/pull/41873 para obtener más información. Recomendamos no exponer los DAG de ejemplo en su implementación. Si debe exponer los DAG de ejemplo, actualice Airflow a la versión 2.10.1 o posterior."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:2.10.0:-:*:*:*:*:*:*","matchCriteriaId":"CF30198C-D6CF-48A8-A6D1-D4778B0C78D7"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/41873","source":"security@apache.org","tags":["Issue Tracking"]},{"url":"https://lists.apache.org/thread/tl7lzczcqdmqj2pcpbvtjdpd2tb9561n","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/09/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}}]}