BIT-airflow-2021-45229

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2021-45229.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-airflow-2021-45229

Aliases

Published

2024-03-06T10:58:46.760Z

Modified

2025-05-20T10:02:07.006Z

Summary

Apache Airflow: Reflected XSS via Origin Query Argument in URL

Details

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / airflow

Package

Name: airflow
Purl: pkg:bitnami/airflow

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2021-45229.json"