https://x7peeps.com/tags/CVE-2020-11978/index.htmlHugozh-CNSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/Apache_Airflow_%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE_DAG%E6%8A%95%E6%AF%92_%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5_%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87_CVE%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSun, 22 Jun 2025 00:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/Apache_Airflow_%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE_DAG%E6%8A%95%E6%AF%92_%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5_%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87_CVE%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html深入分析 Apache Airflow 的未授权访问、DAG 投毒 RCE、CVE-2020-11978 命令注入、CVE-2023-39508 Run Task 越权、CVE-2024-37288 XCom 代码注入、认证绕过、CLI 凭证提取、Worker 侧信道攻击等完整攻击面，覆盖 2020-2025 年高危 CVE 漏洞链及蓝队检测与应急响应