You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@airflow.apache.org by Pierre Jeambrun <pi...@apache.org> on 2023/05/07 17:02:53 UTC
CVE-2023-29247: Stored XSS on Apache Airflow
Severity: important
Affected versions:
- Apache Airflow before 2.6.0
Description:
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.
Credit:
taidh from VNPT - VCI (finder)
kuteminh11 (finder)
References:
https://github.com/apache/airflow/pull/30447
https://github.com/apache/airflow/pull/30779
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-29247
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@airflow.apache.org
For additional commands, e-mail: users-help@airflow.apache.org