CVE-2020-11978 PoC — Apache Airflow OS Command Injection Vulnerability

Associated Vulnerability
Title: Apache Airflow OS Command Injection Vulnerability (CVE-2020-11978)
Description: An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
Readme
# What
## Part A - Prereqs
- hud cli
- Docker


## Part A - Setup
- In the root of this repo:
    - Run `hud build`
    - Run `hud dev`

## Part B - Prereqs
- uv

## Part B - Setup
- In the root of this repo run: 
    - `uv sync`
    - `uv venv`
    - `source .venv/bin/activate`
    - `cp .env.example .env`

- Replace the dummy API keys with your own.

- Then run `python test_full_info.py`

## Troubleshooting
- If you need to cache bust:
```
hud dev . -e --no-cache --build
```

---

## Pentest
`python run_pentest_task.py`
File Snapshot

```
[4.0K] /data/pocs/08dd70e77c26e3629e16cd09597b17f080e8eef0
├── [ 220] convert_diff.py
├── [3.0K] Dockerfile
├── [ 530] pyproject.toml
├── [ 527] README.md
├── [ 701] run_pentest_task.py
├── [6.5K] run_tests_docker.py
├── [4.0K] src
│   ├── [4.0K] controller
│   │   ├── [4.0K] cves
│   │   │   ├── [ 24K] cve_2020_11978.py
│   │   │   └── [ 180] __init__.py
│   │   ├── [ 739] env.py
│   │   ├── [ 1] __init__.py
│   │   ├── [7.4K] server.py
│   │   └── [ 10K] test_impact_analyzer.py
│   └── [ 1] __init__.py
├── [4.0K] tasks.json
├── [ 676] test_full_info.py
├── [ 13K] test_mcp_unit_tests.py
├── [ 665] test_one_day.py
├── [3.7K] test_restart.py
├── [ 670] test_zero_day.py
└── [ 20M] uv-x86_64-unknown-linux-gnu.tar.gz

4 directories, 20 files
```