Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-38540 PoC — Apache Airflow: Variable Import endpoint missed authentication check

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-38540.yaml
Associated Vulnerability
Title:Apache Airflow: Variable Import endpoint missed authentication check (CVE-2021-38540)
Description:The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.
Description
Apache Airflow Airflow >=2.0.0 and <2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution.
File Snapshot

 id: CVE-2021-38540

info:
  name: Apache Airflow - Unauthenticated Variable Import
  author: pdteam


...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →