Pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. ## Impact For this vulnerability, I think the severity of its impacts highly depends on whether it is possible some malicious tasks can poison the XComs data. Based on my understanding of Airflow's threat model, I have drafted two attacking scenarios for the exploit: 4.1), we consider there is a DAG involving two isolated tasks belonging to two different task owners and running in two different machines/docks, saying an attacker's task running in the attacker's machine and a victim's task running in the victim's machine. In this case, the attacker can poison some XComs data and then exploit this vulnerability to bypass the protection of "enable_xcom_pickling = False" and get an RCE in the victim's machines when the victim's task pulls this poisoned XComs data. 4.2), in case any attacker's task can poison some XComs data, the web users who can view the XComs data by navigating via "DAG->Run->Task->XCom" in the web UI can deserialize the poisoned data for RCE. Or if the Airflow sets "enable_xcom_deserialize_support = True", the authenticated users can trigger the RCE by accessing the "xcomEntries" endpoint. I am not very sure whether the two attacking scenarios described above apply to your Airflow threat models and whether there are some more potential exploitable scenarios. However, we can see in the airflow.cfg, the comments for the key "enable_xcom_pickling" saying "Whether to enable pickling for xcom (note that this is insecure and allows for RCE exploits).", I thus believe the bypass of the "enable_xcom_pickling" can more or less induce kinds of insecure matters in the use of Airflow.