Rewterz Threat Advisory – CVE-2021-3773 – OpenVPN for Linux and FreeBSD Security Vulnerability
September 10, 2021
Rewterz Threat Advisory – CVE-2020-29012 – Fortinet FortiSandbox Security Vulnerability
September 10, 2021
Severity
High
Analysis Summary
CVE-2021-38540
Apache Airflow could allow a remote attacker to execute arbitrary code on the system, caused by improper authentication validation by the Variable Import endpoint. By sending a specially crafted request to add or modify Airflow variables used in DAGs, an attacker could exploit this vulnerability to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition on the system.
Impact
- Denial of Service
- Information Theft
- Code Execution
- Unauthorized Access
Affected Vendors
Apache
Affected Products
- Apache Airflow 2.0.0
- Apache Airflow 2.1.2
Remediation
Upgrade to the latest version of Apache Airflow (2.1.3 or later), available from the Apache website.
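A triage aid for the remediation above, added here as an example and not taken from Rewterz or the Apache project: it checks a version string against the fixed release and lists POST requests to the Variable Import endpoint found in webserver access logs, so they can be compared with known administrator activity. The endpoint path `/variable/varimport`, the access-log layout and the affected range (every 2.x release below 2.1.3) are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Assumption: the Variable Import endpoint is served at this path by the
# Airflow 2.x webserver; a base URL prefix may precede it.
IMPORT_PATH = "/variable/varimport"
FIXED = (2, 1, 3)  # first fixed release named in the advisory

# Assumed access-log shape: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_affected(version: str) -> bool:
    """True for 2.x releases below the fix (assumed range 2.0.0 to 2.1.2)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (2, 0, 0) <= tuple(map(int, m.groups())) < FIXED

def import_requests(lines):
    """Return every POST to the import endpoint as a dict of parsed fields."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path.endswith(IMPORT_PATH):
            hits.append(m.groupdict())
    return hits

def by_source(hits):
    """Count import requests per client address for review."""
    return Counter(h["ip"] for h in hits)

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [10/Sep/2021:09:12:01 +0000] "GET /home HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2021:09:13:44 +0000] "POST /variable/varimport HTTP/1.1" 302 219',
    '203.0.113.7 - - [10/Sep/2021:09:13:50 +0000] "POST /variable/varimport HTTP/1.1" 302 219',
    '192.0.2.10 - - [10/Sep/2021:09:20:00 +0000] "POST /airflow/variable/varimport/ HTTP/1.1" 302 219',
    '192.0.2.10 - - [10/Sep/2021:09:21:00 +0000] "GET /variable/list/ HTTP/1.1" 200 8042',
]

if __name__ == "__main__":
    for ip, n in by_source(import_requests(SAMPLE)).most_common():
        print(f"{ip}: {n} POST(s) to {IMPORT_PATH}")
```

The response status is deliberately not used as a filter, since an access log alone does not show whether a request was authenticated; on an affected release every listed request needs review.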