This content is viewable by Everyone
Mandiant Reports Two Apache Vulnerabilities
An irrelevant code vulnerability exists within the example DAGs in Apache Airflow 2.3.4 and earlier that, when exploited, allows a remote attacker to execute arbitrary commands. Proof-of-concept (PoC) code is publicly available.
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support.
For a complete description of the vulnerabilities and affected systems go to: