PYSEC-2018-45

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2018-45.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2018-45

Aliases

Published

2018-08-06T13:29:00Z

Modified

2024-02-23T21:13:13.853935Z

Summary

[none]

Details

It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.

References

https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f@%3Cdev.airflow.apache.org%3E

Affected packages

PyPI / apache-airflow

Package

Name: apache-airflow; View open source insights on deps.dev
Purl: pkg:pypi/apache-airflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.0

Affected versions

1.*

1.8.1

1.8.2rc1

1.8.2