Описание
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Ссылки
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.3 (включая)
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01563
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
debian
почти 4 года назад
It was discovered that the "Trigger DAG with config" screen was suscep ...
CVSS3: 6.1
github
почти 4 года назад
Apache Airflow Cross-site Scripting Vulnerability
EPSS
Процентиль: 81%
0.01563
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79