oss-sec mailing list archives

CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL


From: Jedidiah Cunningham <jedcunningham () apache org>
Date: Tue, 01 Nov 2022 20:59:06 +0000

Description:

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

Credit:

The Apache Airflow PMC would like to thank id_No2015429 of 3H Security Team for reporting this issue.

References:

https://github.com/apache/airflow/pull/27143
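
A defensive sketch for handling a reflected `origin` return URL, added here as an example; it is not Airflow's code and not the fix in the pull request above. It assumes the value ends up as a link target in the rendered page, which the advisory does not detail, and `safe_origin`, `render_back_link`, `request_host`, the `/home` default and the sample host in the comments are hypothetical names.

```python
from html import escape
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def safe_origin(origin, request_host, default="/home"):
    """Return `origin` only if it is a local path or a same-host http(s) URL."""
    if not origin:
        return default
    # Browsers ignore tabs/newlines inside a URL and treat "\" like "/", so
    # reject those outright instead of trying to normalise them.
    if "\\" in origin or any(ord(c) < 0x21 or ord(c) == 0x7F for c in origin):
        return default
    try:
        parts = urlsplit(origin)
    except ValueError:
        return default
    if parts.scheme:
        # Absolute URL: http(s) only, and only back to the host that served us.
        same_host = parts.netloc.lower() == request_host.lower()
        if parts.scheme.lower() in ALLOWED_SCHEMES and same_host:
            return origin
        return default
    # No scheme: accept "/path" but not protocol-relative "//host/path".
    if parts.netloc or not origin.startswith("/"):
        return default
    return origin


def render_back_link(origin, request_host):
    """Validate first, then escape for the HTML attribute context."""
    url = safe_origin(origin, request_host)
    return '<a href="{}">Back</a>'.format(escape(url, quote=True))


if __name__ == "__main__":
    host = "airflow.example:8080"  # constructed sample host
    for value in ["/home?dag_id=example", "javascript:alert(1)",
                  "//evil.example/", '/"><script>alert(1)</script>']:
        print(repr(value), "->", render_back_link(value, host))
```

Validation and output escaping are both needed: the last sample passes the URL check as a local path and is only neutralised by `escape`.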


