CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter

[Kaxil Naik <kaxilnaik () apache org>]

Versions Affected: < 1.10.13

Description:
The "origin" parameter passed to some of the endpoints like '/trigger' was
vulnerable to XSS exploit. This issue affects Apache Airflow versions prior
to 1.10.13.

This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13
did not fix the issue completely.

Credit:
Ali Al-Habsi of Accellion

Thanks,
Kaxil,
on behalf of Apache Airflow PMC