Back to search
CVE-2020-13944
Published: Sep 17, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache Airflow | affected Apache Airflow < 1.10.12 |
References
[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter
mailing-list
x_refsource_MLIST
[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515
mailing-list
x_refsource_MLIST
[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515
mailing-list
x_refsource_MLIST
[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter
mailing-list
x_refsource_MLIST
[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515
mailing-list
x_refsource_MLIST
[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL
mailing-list
x_refsource_MLIST
[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now