Apache Airflow BashOperator Jinja2 Injection Vulnerability via dag_run.conf

A shell metacharacter injection vulnerability has been identified in Apache Airflow versions 3.0.0 prior to 3.2.2. The issue arises from the official documentation example for the BashOperator, which demonstrated how to pass parameters using Jinja templating without any warning about quoting or sanitization. This oversight could lead to exploitation in deployments where users have the 'Dag.can_trigger' permission, such as typical multi-team environments or hosted offerings that expose a trigger API. An authenticated user could inject malicious commands through the 'conf' field of the trigger API, potentially executing arbitrary commands on the worker via 'os.exec'.

Impact

Exploitation of this vulnerability allows for shell metacharacter injection, enabling authenticated users to execute arbitrary commands on the Airflow worker.

Remediation

Users are advised to upgrade to Apache Airflow version 3.2.2 or later, where the documentation has been corrected to include proper shell quoting and a safety caveat.