PYSEC-2019-214

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2019-214.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-214
Aliases
Published
2019-04-10T20:29:00Z
Modified
2023-11-08T04:00:31.662740Z
Summary
[none]
Details

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

References

Affected packages

PyPI / apache-airflow

Package

Name
apache-airflow
View open source insights on deps.dev
Purl
pkg:pypi/apache-airflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.3b1

Affected versions

1.*

1.8.1
1.8.2rc1
1.8.2
1.9.0
1.10.0
1.10.1b1
1.10.1rc2
1.10.1
1.10.2b2
1.10.2rc1
1.10.2rc2
1.10.2rc3
1.10.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2019-214.yaml"