List:       oss-security
Subject:    [oss-security] CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL
From:       Jedidiah Cunningham <jedcunningham () apache ! org>
Date:       2022-02-24 18:00:13
Message-ID: 7ed76c19-838b-fe97-af15-623df2ce7a35 () apache ! org

Severity: high

Description:

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

This issue affects Apache Airflow versions 2.2.3 and below. 

Credit:

The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently discovering and reporting this issue.

