CVE-2022-40954 - OS Command Injection in Apache Airflow Spark Provider – How Attackers Can Read Any File
In September 2022, a critical security vulnerability was disclosed in the Apache Airflow Spark Provider (CVE-2022-40954). This vulnerability may not look dramatic at first, but