HIGH 8.8
PYSEC-2026-773
Remote code execution in Apache Airflow Docker's Provider
Details
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / apache-airflow-providers-docker
Introduced in:
0 Fixed in: 3.0.0 Fix
pip install --upgrade 'apache-airflow-providers-docker>=3.0.0' References
- https://nvd.nist.gov/vuln/detail/CVE-2022-38362 [ADVISORY]
- https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb [WEB]
- http://www.openwall.com/lists/oss-security/2022/08/16/1 [WEB]
- https://pypi.org/project/apache-airflow-providers-docker [PACKAGE]
- https://github.com/advisories/GHSA-746v-hfh2-xphm [ADVISORY]