Found a formatted string in BashOperator: $CMD. This could be vulnerable to injection. Be extra sure your variables are not controllable by external sources. Likelihood: LOW Confidence: LOW CWE: - CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP: - A01:2017 - Injection
- A03:2021 - Injection