CVE-2024-39877: Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.3264%
Published: 7/17/2024
Updated: 1/21/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| apache-airflow | pip | >= 2.4.0, < 2.9.3 | 2.9.3 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the get_doc_md method's template rendering logic shown in the commit diff. The original code (before patching) used jinja2.Template() and env.get_template() to process doc_md, enabling code execution via template injection. The patch removed all Jinja rendering, confirming this was the attack vector. The function's role in processing user-controlled doc_md parameters matches the CWE-94 (Code Injection) description in the advisory.
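
A defender-side audit for the root cause described above, as an added example that is not Miggo's or Apache Airflow's code: it parses DAG files with `ast` (without executing them) and flags `doc_md` values that contain Jinja syntax or cannot be resolved statically. The function names and the sample DAG are constructed for illustration; the version range is the one listed on this page.

```python
import ast
import re

JINJA_MARKERS = re.compile(r"\{\{|\{%")  # Jinja expression / statement openers

def in_affected_range(version: str) -> bool:
    """True for apache-airflow >= 2.4.0, < 2.9.3 (the range listed on this page)."""
    parts = tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    return (2, 4, 0) <= parts < (2, 9, 3)

def audit_doc_md(source: str) -> list[tuple[int, str]]:
    """Return (line, reason) for every doc_md value in a DAG file that needs review."""
    tree = ast.parse(source)
    module_doc = ast.get_docstring(tree)
    findings = []
    for node in ast.walk(tree):
        values = []
        if isinstance(node, ast.Call):  # DAG(..., doc_md=...)
            values = [kw.value for kw in node.keywords if kw.arg == "doc_md"]
        elif isinstance(node, ast.Assign):  # dag.doc_md = ...  /  doc_md = ...
            names = {getattr(t, "attr", None) or getattr(t, "id", None) for t in node.targets}
            if "doc_md" in names:
                values = [node.value]
        for value in values:
            text = None
            if isinstance(value, ast.Constant):
                if value.value is None:
                    continue  # doc_md=None: nothing to render
                text = value.value if isinstance(value.value, str) else None
            elif isinstance(value, ast.Name) and value.id == "__doc__":
                text = module_doc or ""  # resolve the common `dag.doc_md = __doc__`
            if text is None:
                findings.append((value.lineno, "dynamic value, review by hand"))
            elif JINJA_MARKERS.search(text):
                findings.append((value.lineno, "Jinja syntax in doc_md"))
    return sorted(findings)

# Constructed sample DAG source (never executed, only parsed).
SAMPLE_DAG = '''"""Nightly load. Owner: data-eng."""
from airflow import DAG

a = DAG("plain", doc_md="# Nightly load")
b = DAG("templated", doc_md="Run for {{ 1 + 1 }}")
c = DAG("computed", doc_md=build_docs())
a.doc_md = __doc__
'''

if __name__ == "__main__":
    print(audit_doc_md(SAMPLE_DAG))
```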
