How severe is CVE-2022-40954?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-40954?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2022-40954 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).

Related Vulnerabilities

CVE-2016-6459

MEDIUM

CVSS:5.5(Medium)

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CS...

CWE-782016

CVE-2016-7844

MEDIUM

CVSS:5.5(Medium)

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.

CWE-782016

CVE-2019-14337

MEDIUM

CVSS:5.5(Medium)

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin...

CWE-782019

CVE-2019-1725

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on ...

CWE-782019

CVE-2022-34769

MEDIUM

CVSS:5.5(Medium)

Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specif...

CWE-782022

CVE-2023-20056

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerab...

CWE-782023