QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-41937

Back to search

CVE-2024-41937

Published: Aug 21, 2024

Modified: Mar 20, 2025

PUBLISHED

Description

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

VendorProductVersions

Apache Software Foundation

Apache Airflow

affected
0 - < 2.10.0

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now