Apache Airflow Cross-site Scripting
Moderate severity
GitHub Reviewed
Published
Jun 18, 2021
to the GitHub Advisory Database
•
Updated Sep 11, 2024
Description
Published by the National Vulnerability Database
Sep 17, 2020
Reviewed
May 3, 2021
Published to the GitHub Advisory Database
Jun 18, 2021
Last updated
Sep 11, 2024
In Apache Airflow < 1.10.12, the
origin
parameter passed to some of the endpoints like/trigger
and was vulnerable to a XSS exploit.References