You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@airflow.apache.org by Pierre Jeambrun <pi...@apache.org> on 2023/05/07 17:02:53 UTC

CVE-2023-29247: Stored XSS on Apache Airflow

Severity: important

Affected versions:

- Apache Airflow before 2.6.0

Description:

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.

Credit:

taidh from VNPT - VCI (finder)
kuteminh11 (finder)

References:

https://github.com/apache/airflow/pull/30447
https://github.com/apache/airflow/pull/30779
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-29247


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@airflow.apache.org
For additional commands, e-mail: users-help@airflow.apache.org