Apache · Apache Airflow · CVE-2023-33234
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow CNCF Kubernetes provider (`apache-airflow-providers-cncf-kubernetes`) version 5.0.0. The fix shipped in provider version 7.0.0, so releases before 7.0.0 should be treated as unpatched.
**Description**
The weakness is an injection flaw (improper neutralization of special elements in output used by a downstream component, CWE-74) that results in arbitrary code execution. The provider took the container image and resource settings for the XCom sidecar container from the Airflow Kubernetes connection object. A user holding the Op or Admin role can edit connections, so such a user could point the sidecar at an attacker-controlled image (and set its resources) and have that code run in the Kubernetes cluster next to the task pod. Exploitation therefore requires pre-existing elevated Airflow permissions: this is an escalation path from Airflow connection management into the cluster, not an unauthenticated remote issue.
**Recommendations**
Upgrade to provider version 7.0.0 or later, which removed the vulnerability. Until the upgrade is complete, review which accounts hold the Op or Admin role and inspect existing Kubernetes connections for sidecar image or resource settings that nobody intentionally configured; an unexpected image reference in a connection's extras is a sign the weakness has already been used.
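The following audit script is an added example and is not code from this advisory or from the Apache Airflow project. It reads connections in the JSON shape that `airflow connections export` produces (assumed here: a mapping of connection id to connection fields, with `extra` as a JSON string), flags Kubernetes connections whose extras carry XCom sidecar image or resource settings, and checks an installed provider version against the 7.0.0 fix. The extras key names in `SIDECAR_KEYS` are assumptions about what the unpatched provider honoured; confirm them against the provider release you actually run before relying on the result.

```python
"""Audit Airflow connections and provider version for CVE-2023-33234 exposure.

Added example, not part of the advisory or the Airflow code base. Runs offline
on the constructed sample below; pass a path to an `airflow connections export`
JSON file to audit a real deployment.
"""
from __future__ import annotations

import json
import sys

# Assumed extras keys the unpatched provider read for the XCom sidecar.
# Older Airflow connections prefix extras as extra__kubernetes__<key>, so
# matching is done on the final "__"-separated component of each key.
SIDECAR_KEYS = {"xcom_sidecar_container_image", "xcom_sidecar_container_resources"}
FIXED_VERSION = (7, 0, 0)  # per the advisory: fixed in provider 7.0.0

# Constructed sample in the assumed `airflow connections export` JSON shape.
SAMPLE_CONNECTIONS = {
    "k8s_prod": {
        "conn_type": "kubernetes",
        "extra": json.dumps({
            "in_cluster": True,
            "xcom_sidecar_container_image": "registry.example.internal/attacker/sidecar:latest",
        }),
    },
    "k8s_legacy": {
        "conn_type": "kubernetes",
        "extra": json.dumps({
            "extra__kubernetes__namespace": "legacy",
            "extra__kubernetes__xcom_sidecar_container_resources": {"limits": {"cpu": "4"}},
        }),
    },
    "k8s_dev": {"conn_type": "kubernetes", "extra": json.dumps({"namespace": "dev"})},
    "pg_meta": {"conn_type": "postgres", "extra": json.dumps({"sslmode": "require"})},
    "k8s_broken": {"conn_type": "kubernetes", "extra": "not valid json"},
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '6.1.0' into (6, 1, 0); trailing tags such as 'rc1' are ignored."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def provider_is_vulnerable(version: str) -> bool:
    """True when the installed provider predates the 7.0.0 fix."""
    return parse_version(version) < FIXED_VERSION


def _extras(conn: dict) -> dict:
    """Decode the `extra` field; a missing or malformed value yields {}."""
    raw = conn.get("extra") or "{}"
    if isinstance(raw, dict):
        return raw
    try:
        decoded = json.loads(raw)
    except json.JSONDecodeError:
        return {}
    return decoded if isinstance(decoded, dict) else {}


def find_sidecar_overrides(connections: dict) -> list[dict]:
    """Return Kubernetes connections whose extras set sidecar image/resources."""
    findings = []
    for conn_id, conn in connections.items():
        if conn.get("conn_type") != "kubernetes":
            continue
        extras = _extras(conn)
        hits = {k: v for k, v in extras.items() if k.split("__")[-1] in SIDECAR_KEYS}
        if hits:
            findings.append({"conn_id": conn_id, "overrides": hits})
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            connections = json.load(fh)
    else:
        connections = SAMPLE_CONNECTIONS
    for finding in find_sidecar_overrides(connections):
        print(f"{finding['conn_id']}: sidecar override(s) {finding['overrides']}")
```

Run it against an export file after `airflow connections export conns.json`; any connection it lists deserves a look at the audit log for who changed it, since only Op or Admin accounts could have done so.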