airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaxil Naik <kaxiln...@gmail.com>
Subject Apache Airflow Security Vulnerabilities fixed in v1.10.12: CVE-2020-13944
Date Wed, 16 Sep 2020 11:00:14 GMT
Hi Airflow community,

Please find below the information about vulnerability which has been
addressed in Apache Airflow v1.10.12:

*CVE-2020-13944 - Reflected XSS via Origin Parameter*

The "origin" parameter passed to some of the endpoints like '/trigger' was
vulnerable to XSS exploit.

Reported by Ali Al-Habsi of Accellion & Everardo Padilla Saca

Thanks.
Kaxil @ Airflow PMC

Mime
View raw message