oss-sec mailing list archives
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL
From: Jedidiah Cunningham <jedcunningham () apache org>
Date: Tue, 01 Nov 2022 20:59:06 +0000
Description: In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

Credit: The Apache Airflow PMC would like to thank id_No2015429 of 3H Security Team for reporting this issue.

References: https://github.com/apache/airflow/pull/27143
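Added example, not part of the advisory and not Airflow's code or the change in the referenced pull request: one way to validate a URL-valued query argument such as `origin` before a page reflects it, assuming the value is used as a link or redirect target. The function name `safe_origin`, the fallback `/home` and the host `airflow.example.test` are hypothetical.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def safe_origin(origin, request_host, default="/home"):
    """Return origin if it is safe to reflect as a link target, else default.

    Assumption: origin is a "return to" URL that ends up in an href or redirect.
    """
    if not origin:
        return default
    # Whitespace and control characters can disguise a scheme
    # (browsers drop tabs and newlines inside URLs), so refuse them outright.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in origin):
        return default
    # Browsers treat "\" like "/", so "/\host" would leave the site.
    if "\\" in origin:
        return default
    try:
        parts = urlsplit(origin)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme:
        # Absolute URL: only http(s), and only back to the host that served us.
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return default
        if parts.netloc.lower() != request_host.lower():
            return default
        return origin
    # No scheme: accept a site-local path ("/x") but not "//other-host/x".
    if parts.netloc or not origin.startswith("/"):
        return default
    return origin


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    samples = [
        "/dags/example_dag/grid",
        "https://airflow.example.test/home",
        "https://other.example.test/home",
        "//other.example.test/home",
        "javascript:alert(1)",
    ]
    for value in samples:
        print(f"{value!r:45} -> {safe_origin(value, 'airflow.example.test')!r}")
```

A check like this complements, and does not replace, context-aware output escaping in the template that renders the value.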