CVE-2025-54415 | astronomer dag-factory up to 0.23.0a8 pull_request_target os command injection (GHSA-g5hx-xv45-9whg)
A vulnerability classified as critical has been found in astronomer dag-factory up to 0.23.0a8. This affects the function pull_request_target. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2025-54415. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.