MEDIUM 5.4 PyPI
Apache Airflow vulnerable to stored Cross-site Scripting
GHSA-vcf6-3wv2-5vcr · BIT-airflow-2023-29247 · CVE-2023-29247 · PYSEC-2023-60
Published · Modified
Description
Task instance details page in the UI is vulnerable to stored cross-site scripting. This issue affects Apache Airflow before 2.6.0.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-29247
- WEB https://github.com/apache/airflow/pull/30447
- WEB https://github.com/apache/airflow/pull/30779
- WEB https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75
- WEB https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e
- PACKAGE https://github.com/apache/airflow
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml
- WEB https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl
Ready to move
Start Securing
Free, no credit card | First findings in minutes