Описание
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| airflow | itp | package |
Связанные уязвимости
CVSS3: 4.8
nvd
больше 6 лет назад
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
CVSS3: 4.8
github
около 6 лет назад
Apache Airflow vulnerable to XSS and local file disclosure