BIT-airflow-2021-45229

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2021-45229.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-airflow-2021-45229

Aliases

Published

2024-03-06T10:58:46.760Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk

Affected packages

Bitnami / airflow

Package

Name: airflow
Purl: pkg:bitnami/airflow

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.3