CVE-2020-13944

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-13944
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13944.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13944
Aliases
Published
2020-09-17T14:15:12.810Z
Modified
2026-03-10T23:06:03.122900Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5a94e34938858ce2bb390ddf0fd16ddfd1312a9b
Introduced
8217db8cb4b1ff302c5cf8662477ac00f701e78c
Fixed
d9567eb106929b21329c01171fd398fbef2dc6c6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.15"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.2"
        }
    ]
}

Affected versions

helm-chart/1.*
helm-chart/1.1.0
helm-chart/1.1.0rc1
providers-airbyte/2.*
providers-airbyte/2.0.0
providers-airbyte/2.1.0
providers-airbyte/2.1.0rc2
providers-airbyte/2.1.1
providers-airbyte/2.1.1rc1
providers-alibaba/1.*
providers-alibaba/1.0.0
providers-alibaba/1.0.0rc1
providers-amazon/2.*
providers-amazon/2.0.0
providers-amazon/2.1.0
providers-amazon/2.1.0rc1
providers-amazon/2.1.0rc2
providers-amazon/2.2.0
providers-amazon/2.2.0rc1
providers-amazon/2.3.0
providers-amazon/2.3.0rc1
providers-amazon/2.3.0rc2
providers-apache-beam/3.*
providers-apache-beam/3.0.0
providers-apache-beam/3.0.1
providers-apache-beam/3.0.1rc1
providers-apache-cassandra/2.*
providers-apache-cassandra/2.0.0
providers-apache-cassandra/2.0.1
providers-apache-cassandra/2.0.1rc1
providers-apache-cassandra/2.1.0
providers-apache-cassandra/2.1.0rc1
providers-apache-drill/1.*
providers-apache-drill/1.0.0
providers-apache-drill/1.0.0rc1
providers-apache-drill/1.0.0rc2
providers-apache-drill/1.0.1
providers-apache-drill/1.0.1rc1
providers-apache-druid/2.*
providers-apache-druid/2.0.0
providers-apache-druid/2.0.1
providers-apache-druid/2.0.1rc2
providers-apache-druid/2.0.2
providers-apache-druid/2.0.2rc1
providers-apache-hdfs/2.*
providers-apache-hdfs/2.0.0
providers-apache-hdfs/2.1.0
providers-apache-hdfs/2.1.0rc1
providers-apache-hdfs/2.1.1
providers-apache-hdfs/2.1.1rc1
providers-apache-hive/2.*
providers-apache-hive/2.0.0
providers-apache-hive/2.0.1
providers-apache-hive/2.0.1rc1
providers-apache-hive/2.0.1rc2
providers-apache-hive/2.0.2
providers-apache-hive/2.0.2rc1
providers-apache-kylin/2.*
providers-apache-kylin/2.0.0
providers-apache-kylin/2.0.1
providers-apache-kylin/2.0.1rc1
providers-apache-livy/2.*
providers-apache-livy/2.0.0
providers-apache-livy/2.1.0
providers-apache-livy/2.1.0rc1
providers-apache-pig/2.*
providers-apache-pig/2.0.0
providers-apache-pig/2.0.1
providers-apache-pig/2.0.1rc1
providers-apache-pinot/2.*
providers-apache-pinot/2.0.0
providers-apache-pinot/2.0.1
providers-apache-pinot/2.0.1rc1
providers-apache-spark/2.*
providers-apache-spark/2.0.0
providers-apache-spark/2.0.1
providers-apache-spark/2.0.1rc1
providers-apache-sqoop/2.*
providers-apache-sqoop/2.0.0
providers-apache-sqoop/2.0.1
providers-apache-sqoop/2.0.1rc1
providers-apache-sqoop/2.0.1rc2
providers-apache-sqoop/2.0.2
providers-apache-sqoop/2.0.2rc1
providers-asana/1.*
providers-asana/1.0.0
providers-asana/1.1.0
providers-asana/1.1.0rc1
providers-celery/2.*
providers-celery/2.0.0
providers-celery/2.1.0
providers-celery/2.1.0rc1
providers-celery/2.1.0rc2
providers-cloudant/2.*
providers-cloudant/2.0.0
providers-cloudant/2.0.1
providers-cloudant/2.0.1rc1
providers-cncf-kubernetes/2.*
providers-cncf-kubernetes/2.0.0
providers-cncf-kubernetes/2.0.1
providers-cncf-kubernetes/2.0.1rc1
providers-cncf-kubernetes/2.0.1rc2
providers-cncf-kubernetes/2.0.2
providers-cncf-kubernetes/2.0.2rc1
providers-cncf-kubernetes/2.0.3
providers-cncf-kubernetes/2.0.3rc1
providers-databricks/2.*
providers-databricks/2.0.0
providers-databricks/2.0.1
providers-databricks/2.0.1rc1
providers-databricks/2.0.2
providers-databricks/2.0.2rc1
providers-datadog/2.*
providers-datadog/2.0.0
providers-datadog/2.0.1
providers-datadog/2.0.1rc1
providers-dingding/2.*
providers-dingding/2.0.0
providers-dingding/2.0.1
providers-dingding/2.0.1rc1
providers-discord/2.*
providers-discord/2.0.0
providers-discord/2.0.1
providers-discord/2.0.1rc1
providers-docker/2.*
providers-docker/2.0.0
providers-docker/2.1.0
providers-docker/2.1.0rc1
providers-docker/2.1.0rc2
providers-docker/2.1.1
providers-docker/2.1.1rc1
providers-docker/2.2.0
providers-docker/2.2.0rc1
providers-elasticsearch/2.*
providers-elasticsearch/2.0.1
providers-elasticsearch/2.0.2rc1
providers-elasticsearch/2.0.2rc2
providers-elasticsearch/2.0.3
providers-elasticsearch/2.0.3rc1
providers-exasol/2.*
providers-exasol/2.0.0
providers-exasol/2.0.1
providers-exasol/2.0.1rc1
providers-facebook/2.*
providers-facebook/2.0.0
providers-facebook/2.0.1
providers-facebook/2.0.1rc1
providers-ftp/2.*
providers-ftp/2.0.0
providers-ftp/2.0.1
providers-ftp/2.0.1rc1
providers-google/4.*
providers-google/4.0.0
providers-google/4.1.0rc1
providers-google/5.*
providers-google/5.0.0
providers-google/5.0.0rc2
providers-google/5.1.0
providers-google/5.1.0rc1
providers-google/6.*
providers-google/6.0.0
providers-google/6.0.0rc1
providers-grpc/2.*
providers-grpc/2.0.0
providers-grpc/2.0.1
providers-grpc/2.0.1rc1
providers-hashicorp/2.*
providers-hashicorp/2.0.0
providers-hashicorp/2.1.0
providers-hashicorp/2.1.0rc1
providers-hashicorp/2.1.0rc2
providers-hashicorp/2.1.1
providers-hashicorp/2.1.1rc1
providers-http/2.*
providers-http/2.0.0
providers-http/2.0.1
providers-http/2.0.1rc1
providers-imap/2.*
providers-imap/2.0.0
providers-imap/2.0.1
providers-imap/2.0.1rc1
providers-influxdb/1.*
providers-influxdb/1.0.0
providers-influxdb/1.0.0rc1
providers-jdbc/2.*
providers-jdbc/2.0.0
providers-jdbc/2.0.1
providers-jdbc/2.0.1rc1
providers-jenkins/2.*
providers-jenkins/2.0.0
providers-jenkins/2.0.1
providers-jenkins/2.0.1rc1
providers-jenkins/2.0.1rc2
providers-jenkins/2.0.2
providers-jenkins/2.0.2rc1
providers-jira/2.*
providers-jira/2.0.0
providers-jira/2.0.1
providers-jira/2.0.1rc1
providers-microsoft-azure/3.*
providers-microsoft-azure/3.0.0
providers-microsoft-azure/3.1.0
providers-microsoft-azure/3.1.0rc1
providers-microsoft-azure/3.1.0rc2
providers-microsoft-azure/3.1.1
providers-microsoft-azure/3.1.1rc1
providers-microsoft-azure/3.2.0
providers-microsoft-azure/3.2.0rc1
providers-microsoft-mssql/2.*
providers-microsoft-mssql/2.0.0
providers-microsoft-mssql/2.0.1
providers-microsoft-mssql/2.0.1rc1
providers-microsoft-psrp/1.*
providers-microsoft-psrp/1.0.0
providers-microsoft-psrp/1.0.0rc1
providers-microsoft-psrp/1.0.1
providers-microsoft-psrp/1.0.1rc1
providers-microsoft-psrp/1.0.1rc2
providers-microsoft-winrm/2.*
providers-microsoft-winrm/2.0.0
providers-microsoft-winrm/2.0.1
providers-microsoft-winrm/2.0.1rc1
providers-mongo/2.*
providers-mongo/2.0.0
providers-mongo/2.1.0
providers-mongo/2.1.0rc1
providers-mysql/2.*
providers-mysql/2.0.0
providers-mysql/2.1.0
providers-mysql/2.1.0rc1
providers-mysql/2.1.0rc2
providers-mysql/2.1.1
providers-mysql/2.1.1rc1
providers-neo4j/2.*
providers-neo4j/2.0.0
providers-neo4j/2.0.1
providers-neo4j/2.0.1rc1
providers-neo4j/2.0.2
providers-neo4j/2.0.2rc1
providers-odbc/2.*
providers-odbc/2.0.0
providers-odbc/2.0.1
providers-odbc/2.0.1rc1
providers-openfaas/2.*
providers-openfaas/2.0.0
providers-opsgenie/2.*
providers-opsgenie/2.0.0
providers-opsgenie/2.0.1
providers-opsgenie/2.0.1rc1
providers-oracle/2.*
providers-oracle/2.0.0
providers-oracle/2.0.1
providers-oracle/2.0.1rc1
providers-pagerduty/2.*
providers-pagerduty/2.0.0
providers-pagerduty/2.0.1
providers-pagerduty/2.0.1rc1
providers-papermill/2.*
providers-papermill/2.0.0
providers-papermill/2.0.1
providers-papermill/2.0.1rc1
providers-papermill/2.1.0
providers-papermill/2.1.0rc1
providers-plexus/2.*
providers-plexus/2.0.0
providers-plexus/2.0.1
providers-plexus/2.0.1rc1
providers-postgres/2.*
providers-postgres/2.0.0
providers-postgres/2.1.0
providers-postgres/2.1.0rc1
providers-postgres/2.1.0rc2
providers-postgres/2.2.0
providers-postgres/2.2.0rc1
providers-postgres/2.3.0
providers-postgres/2.3.0rc1
providers-presto/2.*
providers-presto/2.0.0
providers-presto/2.0.1
providers-presto/2.0.1rc1
providers-qubole/2.*
providers-qubole/2.0.0
providers-qubole/2.0.1
providers-qubole/2.0.1rc1
providers-redis/2.*
providers-redis/2.0.0
providers-redis/2.0.1
providers-redis/2.0.1rc1
providers-salesforce/3.*
providers-salesforce/3.0.0
providers-salesforce/3.1.0
providers-salesforce/3.1.0rc2
providers-salesforce/3.2.0
providers-salesforce/3.2.0rc1
providers-samba/2.*
providers-samba/2.0.0
providers-samba/3.*
providers-samba/3.0.0
providers-samba/3.0.0rc1
providers-segment/2.*
providers-segment/2.0.0
providers-segment/2.0.1
providers-segment/2.0.1rc1
providers-sendgrid/2.*
providers-sendgrid/2.0.0
providers-sendgrid/2.0.1
providers-sendgrid/2.0.1rc1
providers-sftp/2.*
providers-sftp/2.0.0
providers-sftp/2.1.0
providers-sftp/2.1.0rc1
providers-sftp/2.1.0rc2
providers-sftp/2.1.1
providers-sftp/2.1.1rc1
providers-singularity/2.*
providers-singularity/2.0.0
providers-singularity/2.0.1
providers-singularity/2.0.1rc1
providers-slack/4.*
providers-slack/4.0.0
providers-slack/4.0.1
providers-slack/4.0.1rc1
providers-slack/4.1.0
providers-slack/4.1.0rc1
providers-snowflake/2.*
providers-snowflake/2.0.0
providers-snowflake/2.1.0
providers-snowflake/2.1.0rc1
providers-snowflake/2.1.0rc2
providers-snowflake/2.1.1
providers-snowflake/2.1.1rc1
providers-snowflake/2.2.0
providers-snowflake/2.2.0rc1
providers-sqlite/2.*
providers-sqlite/2.0.0
providers-sqlite/2.0.1
providers-sqlite/2.0.1rc1
providers-ssh/2.*
providers-ssh/2.0.0
providers-ssh/2.1.0
providers-ssh/2.1.0rc1
providers-ssh/2.1.0rc2
providers-ssh/2.1.1
providers-ssh/2.1.1rc1
providers-ssh/2.2.0
providers-ssh/2.2.0rc1
providers-tableau/2.*
providers-tableau/2.0.0
providers-tableau/2.1.0
providers-tableau/2.1.0rc1
providers-tableau/2.1.0rc2
providers-tableau/2.1.1
providers-tableau/2.1.1rc1
providers-telegram/2.*
providers-telegram/2.0.0
providers-telegram/2.0.1
providers-telegram/2.0.1rc1
providers-trino/2.*
providers-trino/2.0.0
providers-trino/2.0.1
providers-trino/2.0.1rc1
providers-vertica/2.*
providers-vertica/2.0.0
providers-vertica/2.0.1
providers-vertica/2.0.1rc1
providers-yandex/2.*
providers-yandex/2.0.0
providers-yandex/2.1.0
providers-yandex/2.1.0rc1
providers-zendesk/2.*
providers-zendesk/2.0.0
providers-zendesk/2.0.1
providers-zendesk/2.0.1rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13944.json"