oss-sec mailing list archives
CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL
From: Jedidiah Cunningham <jedcunningham () apache org>
Date: Thu, 24 Feb 2022 18:00:13 +0000
Severity: high Description: It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. Credit: The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently discovering and reporting this issue.
Current thread:
- CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham (Feb 24)