Published: 26 Feb 2022
Source: github
GitHub: Reviewed
CVSS4: 5.3
CVSS3: 6.1
Description
Apache Airflow Cross-site Scripting Vulnerability
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-45229
- https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319
- https://github.com/advisories/GHSA-65xw-pcqw-hjrh
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml
- https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk
Packages
Name: apache-airflow (pip)
Affected versions: < 2.2.4rc1
Fixed version: 2.2.4rc1
Related vulnerabilities
CVSS3: 6.1
nvd
almost 4 years ago
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
CVSS3: 6.1
debian
almost 4 years ago
It was discovered that the "Trigger DAG with config" screen was suscep ...