cvelistv5 - cve-2022-41131

CVE-2022-41131 (GCVE-0-2022-41131)

Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-29 15:11

Summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).

Severity ?

No CVSS data available.

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

apache

References

URL

Tags

	https://github.com/apache/airflow/pull/27647
	https://lists.apache.org/thread/wwo3qp0z8gv54yzn7…

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Airflow Hive Provider

Affected: unspecified , < 4.1.0 (custom)

Apache Software Foundation

Apache Airflow

Affected: 2.3.0

Credits

Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:49.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/airflow/pull/27647"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-29T15:11:00.216562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-29T15:11:16.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Airflow Hive Provider",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "4.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Apache Airflow",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-22T00:00:00.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://github.com/apache/airflow/pull/27647"
        },
        {
          "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-41131",
    "datePublished": "2022-11-22T00:00:00.000Z",
    "dateReserved": "2022-09-19T00:00:00.000Z",
    "dateUpdated": "2025-04-29T15:11:16.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.3.0\", \"matchCriteriaId\": \"24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.0\", \"matchCriteriaId\": \"4AA32002-391F-442F-AB5A-C04EBC9E18E7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).\"}, {\"lang\": \"es\", \"value\": \"Neutralizaci\\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\\u00f3n de comando del sistema operativo\u0027) en Apache Airflow Hive Provider, Apache Airflow permite a un atacante ejecutar comandos arbitrarios en el contexto de ejecuci\\u00f3n de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones del proveedor Hive anteriores a la 4.1.0. Tambi\\u00e9n afecta cualquier versi\\u00f3n de Apache Airflow anterior a la 2.3.0 en caso de que est\\u00e9 instalado HIve Provider (Hive Provider 4.1.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente la versi\\u00f3n 4.1.0 del proveedor Hive para eliminar la vulnerabilidad adem\\u00e1s de la versi\\u00f3n 2.3.0+ de Airflow que tiene instalada una versi\\u00f3n inferior del proveedor Hive).\"}]",
      "id": "CVE-2022-41131",
      "lastModified": "2024-11-21T07:22:40.500",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-11-22T10:15:16.687",
      "references": "[{\"url\": \"https://github.com/apache/airflow/pull/27647\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/airflow/pull/27647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41131\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-11-22T10:15:16.687\",\"lastModified\":\"2025-04-29T16:15:25.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).\"},{\"lang\":\"es\",\"value\":\"Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en Apache Airflow Hive Provider, Apache Airflow permite a un atacante ejecutar comandos arbitrarios en el contexto de ejecuci\u00f3n de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones del proveedor Hive anteriores a la 4.1.0. Tambi\u00e9n afecta cualquier versi\u00f3n de Apache Airflow anterior a la 2.3.0 en caso de que est\u00e9 instalado HIve Provider (Hive Provider 4.1.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente la versi\u00f3n 4.1.0 del proveedor Hive para eliminar la vulnerabilidad adem\u00e1s de la versi\u00f3n 2.3.0+ de Airflow que tiene instalada una versi\u00f3n inferior del proveedor Hive).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.0\",\"matchCriteriaId\":\"24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.0\",\"matchCriteriaId\":\"4AA32002-391F-442F-AB5A-C04EBC9E18E7\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/airflow/pull/27647\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/airflow/pull/27647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/27647\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:35:49.376Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41131\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-29T15:11:00.216562Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-29T15:11:12.148Z\"}}], \"cna\": {\"title\": \"Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue.\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"other\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Airflow Hive Provider\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.1.0\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Airflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3.0\"}]}], \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/27647\"}, {\"url\": \"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2022-11-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41131\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-29T15:11:16.156Z\", \"dateReserved\": \"2022-09-19T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2022-11-22T00:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2022-83588

Vulnerability from cnvd - Published: 2022-12-01

Title

Apache Airflow操作系统命令注入漏洞（CNVD-2022-83588）

Description

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow存在操作系统命令注入漏洞，该漏洞源于不恰当的中和操作系统命令的特殊元素（操作系统命令注入）漏洞，攻击者可利用该漏洞在任务执行上下文中执行任意命令，而无需对DAG文件进行写入访问。

Severity

中

Patch Name

Apache Airflow操作系统命令注入漏洞（CNVD-2022-83588）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-41131

Impacted products

Name
['Apache Apache Airflow Hive Provider <4.1.0', 'Apache Airflow <2.3.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41131",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41131"
    }
  },
  "description": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u53ef\u6269\u5c55\u548c\u52a8\u6001\u76d1\u63a7\u7b49\u7279\u70b9\u3002\n\nApache Airflow\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u6070\u5f53\u7684\u4e2d\u548c\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u7684\u7279\u6b8a\u5143\u7d20\uff08\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\uff09\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4efb\u52a1\u6267\u884c\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\uff0c\u800c\u65e0\u9700\u5bf9DAG\u6587\u4ef6\u8fdb\u884c\u5199\u5165\u8bbf\u95ee\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-83588",
  "openTime": "2022-12-01",
  "patchDescription": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u53ef\u6269\u5c55\u548c\u52a8\u6001\u76d1\u63a7\u7b49\u7279\u70b9\u3002\r\n\r\nApache Airflow\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u6070\u5f53\u7684\u4e2d\u548c\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u7684\u7279\u6b8a\u5143\u7d20\uff08\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\uff09\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4efb\u52a1\u6267\u884c\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\uff0c\u800c\u65e0\u9700\u5bf9DAG\u6587\u4ef6\u8fdb\u884c\u5199\u5165\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Airflow\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-83588\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Apache Airflow Hive Provider \u003c4.1.0",
      "Apache Airflow \u003c2.3.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-41131",
  "serverity": "\u4e2d",
  "submitTime": "2022-11-25",
  "title": "Apache Airflow\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2022-83588\uff09"
}

GHSA-CM43-F2PV-6V68

Vulnerability from github – Published: 2022-11-22 12:30 – Updated: 2022-11-28 21:06

Summary

OS Command Injection in Apache Airflow

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-apache-hive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T18:30:58Z",
    "nvd_published_at": "2022-11-22T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",
  "id": "GHSA-cm43-f2pv-6v68",
  "modified": "2022-11-28T21:06:45Z",
  "published": "2022-11-22T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41131"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/27647"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OS Command Injection in Apache Airflow"
}

FKIE_CVE-2022-41131

Vulnerability from fkie_nvd - Published: 2022-11-22 10:15 - Updated: 2025-04-29 16:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	https://github.com/apache/airflow/pull/27647	Patch, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/apache/airflow/pull/27647	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl	Issue Tracking, Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	apache	airflow	*
	apache	apache-airflow-providers-apache-hive	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB",
              "versionEndExcluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AA32002-391F-442F-AB5A-C04EBC9E18E7",
              "versionEndExcluding": "4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed)."
    },
    {
      "lang": "es",
      "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en Apache Airflow Hive Provider, Apache Airflow permite a un atacante ejecutar comandos arbitrarios en el contexto de ejecuci\u00f3n de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones del proveedor Hive anteriores a la 4.1.0. Tambi\u00e9n afecta cualquier versi\u00f3n de Apache Airflow anterior a la 2.3.0 en caso de que est\u00e9 instalado HIve Provider (Hive Provider 4.1.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente la versi\u00f3n 4.1.0 del proveedor Hive para eliminar la vulnerabilidad adem\u00e1s de la versi\u00f3n 2.3.0+ de Airflow que tiene instalada una versi\u00f3n inferior del proveedor Hive)."
    }
  ],
  "id": "CVE-2022-41131",
  "lastModified": "2025-04-29T16:15:25.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-22T10:15:16.687",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/apache/airflow/pull/27647"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/apache/airflow/pull/27647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GSD-2022-41131

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41131

Aliases

CVE-2022-41131

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41131",
    "id": "GSD-2022-41131"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41131"
      ],
      "details": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",
      "id": "GSD-2022-41131",
      "modified": "2023-12-13T01:19:33.185847Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-41131",
        "STATE": "PUBLIC",
        "TITLE": "Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Airflow Hive Provider",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "4.1.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Apache Airflow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed)."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "moderate"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/apache/airflow/pull/27647",
            "refsource": "MISC",
            "url": "https://github.com/apache/airflow/pull/27647"
          },
          {
            "name": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c4.1.0",
          "affected_versions": "All versions before 4.1.0",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-11-28",
          "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",
          "fixed_versions": [
            "4.1.0"
          ],
          "identifier": "CVE-2022-41131",
          "identifiers": [
            "CVE-2022-41131"
          ],
          "not_impacted": "All versions starting from 4.1.0",
          "package_slug": "pypi/apache-airflow-providers-apache-hive",
          "pubdate": "2022-11-22",
          "solution": "Upgrade to version 4.1.0 or above.",
          "title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-41131",
            "https://github.com/apache/airflow/pull/27647",
            "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
          ],
          "uuid": "309e74cd-c1b5-4a7a-9aec-c42b8e2e54e4"
        },
        {
          "affected_range": "\u003c2.3.0",
          "affected_versions": "All versions before 2.3.0",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-11-28",
          "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",
          "fixed_versions": [
            "2.3.0"
          ],
          "identifier": "CVE-2022-41131",
          "identifiers": [
            "CVE-2022-41131",
            "GHSA-cm43-f2pv-6v68"
          ],
          "not_impacted": "All versions starting from 2.3.0",
          "package_slug": "pypi/apache-airflow",
          "pubdate": "2022-11-22",
          "solution": "Upgrade to version 2.3.0 or above.",
          "title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-41131",
            "https://github.com/apache/airflow/pull/27647",
            "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl",
            "https://github.com/advisories/GHSA-cm43-f2pv-6v68"
          ],
          "uuid": "364ced34-5dff-45e4-bf6e-8c2d1843999c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-41131"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/apache/airflow/pull/27647",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/apache/airflow/pull/27647"
            },
            {
              "name": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-28T17:50Z",
      "publishedDate": "2022-11-22T10:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41131 (GCVE-0-2022-41131)

CNVD-2022-83588

GHSA-CM43-F2PV-6V68

FKIE_CVE-2022-41131

GSD-2022-41131

Tags

Sightings

Nomenclature