You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@airflow.apache.org by Jedidiah Cunningham <je...@apache.org> on 2022/02/24 18:00:13 UTC
CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL
Severity: high
Description:
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
This issue affects Apache Airflow versions 2.2.3 and below.
Credit:
The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently discovering and reporting this issue.