oss-sec mailing list archives
CVE-2022-40754: Apache Airflow: Open Redirect
From: Jedidiah Cunningham <jedcunningham () apache org>
Date: Tue, 20 Sep 2022 18:55:11 +0000
Description: In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. Credit: The Apache Airflow PMC would like to thank Konstantin Weddige (Lutra Security) for reporting this issue. References: https://github.com/apache/airflow/pull/26409
Current thread:
- CVE-2022-40754: Apache Airflow: Open Redirect Jedidiah Cunningham (Sep 20)