airflow-commits mailing list archives

From "Camille TOLSA (JIRA)" <>
Subject [jira] [Created] (AIRFLOW-1260) FLOWER XSS Vulnerability
Date Thu, 01 Jun 2017 08:36:04 GMT
Camille TOLSA created AIRFLOW-1260:

             Summary: FLOWER XSS Vulnerability
                 Key: AIRFLOW-1260
             Project: Apache Airflow
          Issue Type: Bug
          Components: webapp
    Affects Versions: Airflow
            Reporter: Camille TOLSA
            Priority: Critical

The affected functions are WorkerQueueAddConsumer() and WorkerQueueCancelConsumer() from the
flower/static/js/flower.js file.

The use of the .html() function instead of .text() allows script execution.

This message was sent by Atlassian JIRA
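
A source audit for the pattern this report describes, as an added example that is not part of the original message or of Flower's code: it flags jQuery `.html()` calls whose argument is anything other than a single quoted string literal, since those are the calls to review and switch to `.text()`. The `SAMPLE` source and its handler name are constructed for illustration.

```javascript
// Added example: audit JS source for jQuery .html() sinks fed by non-literal data.
// SAMPLE is constructed for illustration; it is not Flower's source code.
const SAMPLE = [
  'function addConsumer(queue) {  // hypothetical handler name',
  '  $("#alert-message").html("Consumer added to " + queue);',
  '  $("#alert-title").html("<b>Success</b>");',
  '  $("#status").text("Queue: " + queue);',
  '  var current = $("#panel").html();',
  '}',
].join("\n");

// Return the text between the "(" ending at `open` and its matching ")",
// skipping parentheses that appear inside string literals.
function extractArg(src, open) {
  let depth = 1, quote = null;
  for (let i = open; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === "\\") i++;               // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "(") depth++;
    else if (c === ")" && --depth === 0) return src.slice(open, i);
  }
  return null;                            // unbalanced call
}

// A single quoted literal is static markup. Template literals are deliberately
// not accepted here, because they may interpolate data.
const LITERAL = /^\s*(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\s*$/;

function findHtmlSinks(src) {
  const findings = [];
  const re = /\.html\s*\(/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    const arg = extractArg(src, re.lastIndex);
    // Getter form .html() and static literals are not findings.
    if (arg !== null && (arg.trim() === "" || LITERAL.test(arg))) continue;
    const line = src.slice(0, m.index).split("\n").length;
    findings.push({ line, arg: arg === null ? "(unparsed)" : arg.trim() });
  }
  return findings;
}

for (const f of findHtmlSinks(SAMPLE)) {
  console.log(`line ${f.line}: .html(${f.arg}) -> review, prefer .text()`);
}
```

The check is conservative: a finding means the argument needs review, not that it is exploitable, and a call it cannot parse is reported rather than skipped.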
