Back to search
CVE-2017-12614
Published: Aug 6, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Airflow | affected < 1.9.0 |
References
[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now