airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaxil Naik <>
Subject Apache Airflow Security Vulnerabilities fixed in v1.10.12: CVE-2020-13944
Date Wed, 16 Sep 2020 11:00:14 GMT
Hi Airflow community,

Please find below the information about vulnerability which has been
addressed in Apache Airflow v1.10.12:

*CVE-2020-13944 - Reflected XSS via Origin Parameter*

The "origin" parameter passed to some of the endpoints like '/trigger' was
vulnerable to XSS exploit.

Reported by Ali Al-Habsi of Accellion & Everardo Padilla Saca

Kaxil @ Airflow PMC

View raw message