oss-sec mailing list archives

CVE-2023-29247: Stored XSS on Apache Airflow


From: Pierre Jeambrun <pierrejeambrun () apache org>
Date: Sun, 07 May 2023 17:02:53 +0000

Severity: important

Affected versions:

- Apache Airflow before 2.6.0

Description:

The task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow before 2.6.0.

Credit:

taidh from VNPT - VCI (finder)
kuteminh11 (finder)

References:

https://github.com/apache/airflow/pull/30447
https://github.com/apache/airflow/pull/30779
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-29247

