Share
## https://sploitus.com/exploit?id=7D32966E-682E-586C-9EAF-53DB0BDE552C
This is a proof-of-concept (PoC) exploit for CVE-2020-11978, a remote code execution (RCE) vulnerability in Apache Airflow's example DAGs. The exploit targets Airflow versions less than 1.10.11 and allows an attacker to execute arbitrary commands on the system. The exploit uses the Airflow Experimental REST API, which is public by default, even if the web interface has authentication set. 

The PoC exploit is written in Python and consists of two scripts: `CVE-2020-11978.py` and `CVE-2020-11978-min.py`. The `CVE-2020-11978.py` script checks if the Airflow Experimental REST API is accessible and if the `example_trigger_target_dag` DAG is present. If both conditions are met, it creates a DAG run with a bash task that executes the provided command. The `CVE-2020-11978-min.py` script is a minimal version of the exploit that can be used to trigger a specific DAG if `example_trigger_target_dag` is not loaded.

The vulnerability is caused by the fact that the Airflow example DAGs are vulnerable to command injection, and the Experimental REST API is public by default. This allows an attacker to