List: oss-security
Subject: [oss-security] CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL
From: Jedidiah Cunningham <jedcunningham () apache ! org>
Date: 2022-02-24 18:00:13
Message-ID: 7ed76c19-838b-fe97-af15-623df2ce7a35 () apache ! org
Severity: high
Description:
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
This issue affects Apache Airflow versions 2.2.3 and below.
Credit:
The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently discovering and reporting this issue.
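
The following is an added example, not part of the advisory and not Apache Airflow's code: one way a web view can treat an `origin`-style query argument as untrusted before echoing it into a page. It assumes the value is rendered as a link target, which the advisory does not state; `safe_origin`, `render_back_link`, the `/home` fallback and the host name are hypothetical.

```python
import html
from urllib.parse import urlsplit

DEFAULT_ORIGIN = "/home"  # hypothetical fallback page


def safe_origin(origin, request_host, default=DEFAULT_ORIGIN):
    """Return `origin` only if it is a same-host http(s) URL or a rooted path."""
    if not origin:
        return default
    # Browsers strip or reinterpret control characters, spaces and backslashes
    # inside URLs, so refuse them instead of guessing how they will be parsed.
    if any(ord(ch) < 0x21 or ch == "\\" for ch in origin):
        return default
    try:
        parts = urlsplit(origin)
    except ValueError:
        return default
    # Absolute form: only http(s), and only back to the host that served us.
    if parts.scheme in ("http", "https") and parts.netloc == request_host:
        return origin
    # Relative form: exactly one leading slash, no scheme, no host.
    if (not parts.scheme and not parts.netloc
            and origin.startswith("/") and not origin.startswith("//")):
        return origin
    return default


def render_back_link(origin, request_host):
    """Build the link markup; escaping is applied even to validated values."""
    href = html.escape(safe_origin(origin, request_host), quote=True)
    return f'<a href="{href}">Back</a>'


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["/home?dag_id=a", "https://airflow.example.test/tree",
           "javascript:void(0)", "//other.example/x", '/home"><b>']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", render_back_link(sample, "airflow.example.test"))
```

Validation and output escaping are separate controls here: the first restricts where the link can point, the second keeps a value that passed validation from breaking out of the attribute.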