oss-sec mailing list archives

CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability


From: Ephraim Anierobi <ephraimanierobi () apache org>
Date: Tue, 16 Jul 2024 12:06:38 +0000

Severity: low

Affected versions:

- Apache Airflow before 2.9.3

Description:

Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious 
link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.

Credit:

Seokchan Yoon (https://github.com/ch4n3-yoon) (finder)
Amogh Desai (remediation developer)

References:

https://github.com/apache/airflow/pull/40475
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-39863
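
A check a defender might run over pinned dependencies to find Airflow installs in the affected range (before 2.9.3). This is an added example, not part of the advisory or of the Airflow project; the function names are hypothetical and the sample `pip freeze` text is constructed.

```python
import re

FIXED = (2, 9, 3)  # first fixed release, per the advisory

# Constructed sample of `pip freeze` output (not taken from the advisory).
SAMPLE_FREEZE = """\
apache-airflow==2.9.2
apache-airflow-providers-http==4.12.0
Apache_Airflow[celery]==2.9.3rc1
apache-airflow==2.9.3
apache-airflow==2.10.0
requests==2.32.3
"""

_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")
_VER = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
_PRE = re.compile(r"^[._-]?(?:a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)


def _normalize(name):
    """PEP 503 name normalization, so Apache_Airflow equals apache-airflow."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_affected(version):
    """True if version precedes 2.9.3; pre-releases of 2.9.3 also count."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))          # "2.9" -> (2, 9, 0)
    while len(release) > 3 and release[-1] == 0:  # "2.9.3.0" -> (2, 9, 3)
        release = release[:-1]
    return release < FIXED or (release == FIXED and bool(_PRE.match(m.group(2))))


def audit(freeze_text):
    """Return the pinned lines that install an affected apache-airflow core."""
    findings = []
    for line in freeze_text.splitlines():
        m = _PIN.match(line)
        # Provider packages (apache-airflow-providers-*) are versioned separately.
        if m and _normalize(m.group(1)) == "apache-airflow" and is_affected(m.group(2)):
            findings.append(line.strip())
    return findings


if __name__ == "__main__":
    for hit in audit(SAMPLE_FREEZE):
        print("affected:", hit)
```

Only `==` pins are evaluated; range specifiers such as `>=2.9` need resolving against the installed environment instead.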

