You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@airflow.apache.org by Kaxil Naik <ka...@gmail.com> on 2020/09/16 11:00:14 UTC
Apache Airflow Security Vulnerabilities fixed in v1.10.12: CVE-2020-13944
Hi Airflow community,
Please find below the information about vulnerability which has been
addressed in Apache Airflow v1.10.12:
*CVE-2020-13944 - Reflected XSS via Origin Parameter*
The "origin" parameter passed to some of the endpoints like '/trigger' was
vulnerable to XSS exploit.
Reported by Ali Al-Habsi of Accellion & Everardo Padilla Saca
Thanks.
Kaxil @ Airflow PMC