oss-sec mailing list archives
CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter
From: Kaxil Naik <kaxilnaik () apache org>
Date: Fri, 11 Dec 2020 13:14:07 +0000
Versions Affected: < 1.10.13 Description: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. Credit: Ali Al-Habsi of Accellion Thanks, Kaxil, on behalf of Apache Airflow PMC
Current thread:
- CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter Kaxil Naik (Dec 11)