Apache Airflow Common SQL Provider SQL Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A SQL injection vulnerability that can lead to remote code execution has been identified in Apache Airflow Common SQL Provider versions prior to 1.24.1. The issue arises from improper handling of special elements in SQL commands. When the partition clause is used in the SQLTableCheckOperator, authenticated users can inject arbitrary SQL commands. Exploitation occurs when Directed Acyclic Graphs (DAGs) are triggered, at which point the injected commands can be executed with escalated privileges.

Impact

Exploitation of this vulnerability allows authenticated users to inject and execute arbitrary SQL commands, potentially leading to unauthorized access to or modification of data and, in this case, remote code execution.

Reproduction

To reproduce this vulnerability, an authenticated user can use the partition clause in the SQLTableCheckOperator. When the DAG is triggered, the user can inject SQL commands that will be executed with elevated privileges.

Remediation

Users are advised to upgrade to Apache Airflow Common SQL Provider version 1.24.1 or later, which addresses this vulnerability.
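
Alongside the upgrade, a review of existing DAGs shows where the partition clause is built from run-time values. The following is an added example, not code from this advisory or from the Airflow project: it compares a provider version string against 1.24.1 and statically scans DAG source for SQLTableCheckOperator calls whose partition_clause argument is not a fixed string literal. Assumptions: the function names, the sample DAG and the "{{" Jinja heuristic are illustrative, and any non-literal clause is treated as worth manual review rather than as proof of a flaw.

```python
import ast
import re

FIXED = (1, 24, 1)  # first fixed provider release, per the advisory
OPERATOR = "SQLTableCheckOperator"

# Constructed sample DAG source; it is only parsed, never executed.
SAMPLE_DAG = '''\
from airflow.providers.common.sql.operators.sql import SQLTableCheckOperator
fixed = SQLTableCheckOperator(
    task_id="fixed", table="orders", checks={},
    partition_clause="region = 'EU'",
)
templated = SQLTableCheckOperator(
    task_id="templated", table="orders", checks={},
    partition_clause="region = '{{ params.region }}'",
)
built = SQLTableCheckOperator(
    task_id="built", table="orders", checks={},
    partition_clause=f"region = '{region}'",
)
'''

def is_vulnerable(version: str) -> bool:
    """True if a provider version string predates the fixed release."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) < FIXED

def find_dynamic_partition_clauses(source: str):
    """Return (line, reason) for each partition_clause that is not a fixed literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        if name != OPERATOR:
            continue
        for kw in node.keywords:
            if kw.arg != "partition_clause":
                continue
            value = kw.value
            literal = isinstance(value, ast.Constant) and isinstance(value.value, str)
            if literal and "{{" not in value.value:
                continue  # fixed string, no Jinja template: nothing to review
            reason = "jinja template" if literal else type(value).__name__
            findings.append((value.lineno, reason))
    return sorted(findings)
```

Run find_dynamic_partition_clauses over each file in the DAGs folder; the scan only parses the source, so it is safe to run against untrusted DAG files.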

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 5.6
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.