airflow-commits mailing list archives

From "Camille TOLSA (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AIRFLOW-1260) FLOWER XSS Vulnerability
Date Thu, 01 Jun 2017 08:36:04 GMT
Camille TOLSA created AIRFLOW-1260:
--------------------------------------

             Summary: FLOWER XSS Vulnerability
                 Key: AIRFLOW-1260
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1260
             Project: Apache Airflow
          Issue Type: Bug
          Components: webapp
    Affects Versions: Airflow 1.7.1.3
            Reporter: Camille TOLSA
            Priority: Critical


The affected functions are WorkerQueueAddConsumer() and WorkerQueueCancelConsumer() from the
flower/static/js/flower.js file.

The use of the .html() function instead of .text() allows script execution.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
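
Added example, not part of the original report and not Flower's own code: a small Node.js check that flags jQuery `.html()` calls whose argument is not a constant string, which is the pattern the report describes. The sample source, handler names and selector are constructed for illustration.

```javascript
// Constructed sample, not the real flower.js: handlers that write a
// server-supplied message into an alert box with .html() or .text().
const SAMPLE = `
function addConsumerHandler(data) {
    $('#alert-message').html("<strong>Success!</strong> " + data.message);
}
function cancelConsumerHandler(data) {
    $('#alert-message').text(data.message);
}
function resetAlert() {
    $('#alert-message').html("");
}
`;

// Matches one complete single- or double-quoted string literal and nothing else.
const LITERAL_ONLY = /^\s*(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\s*$/;

// Return every .html(arg) call whose argument is not a lone string literal,
// i.e. where runtime data can reach an HTML-parsing sink.
function findUnsafeHtmlSinks(source) {
    const findings = [];
    let currentFn = '(top level)';
    source.split('\n').forEach((text, i) => {
        const fn = text.match(/function\s+([A-Za-z_$][\w$]*)\s*\(/);
        if (fn) currentFn = fn[1];
        const call = text.match(/\.html\((.*)\)\s*;?\s*$/);
        if (!call) return;
        const arg = call[1].trim();
        // .html() with no argument is a getter; a constant string carries no runtime data.
        if (arg === '' || LITERAL_ONLY.test(arg)) return;
        findings.push({ line: i + 1, fn: currentFn, arg });
    });
    return findings;
}

for (const f of findUnsafeHtmlSinks(SAMPLE)) {
    console.log(`line ${f.line} in ${f.fn}(): .html(${f.arg}) -> use .text() or escape first`);
}
```

The check is line-based and only sees single-line calls, so treat its output as a list of places to review rather than proof that the rest of a file is clean.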
