oss-sec mailing list archives

CVE-2020-17513: Apache Airflow Server-Side Request Forgery (SSRF) in Charts & Query View

From: Kaxil Naik <kaxilnaik () apache org>
Date: Fri, 11 Dec 2020 15:51:52 +0000

Versions Affected: < 1.10.13

Description:
The Charts and Query View of the old (Flask-admin based) UI were vulnerable
for SSRF attack.

Thanks,
Kaxil,
on behalf of Apache Airflow PMC

Current thread:

CVE-2020-17513: Apache Airflow Server-Side Request Forgery (SSRF) in Charts & Query View Kaxil Naik (Dec 11)