{"schema_version": "1.6.1", "id": "CVE-2022-38362", "summary": "Docker Provider <3.0 RCE vulnerability in example dag", "details": "Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Airflow Docker Provider"}, {"fixed": "3.0.0"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"}]}