You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Jedidiah Cunningham <je...@apache.org> on 2022/11/01 20:59:26 UTC
CVE-2022-43985: Apache Airflow: Open Redirect
Description:
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
Credit:
The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) [https://hackerone.com/haxatron1] for reporting this issue.
References:
https://github.com/apache/airflow/pull/27143