Lucene search

K

CVE-2019-12417

🗓️ 30 Oct 2019 22:10:15Reported by apacheType 
cve
 cve
🔗 web.nvd.nist.gov👁 63 Views

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process

Show more
Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
OSV
Apache Airflow vulnerable to XSS and local file disclosure
22 Nov 201913:45
osv
OSV
PYSEC-2019-216
30 Oct 201922:15
osv
Veracode
Cross-Site Scripting (XSS)
31 Oct 201902:21
veracode
Cvelist
CVE-2019-12417
30 Oct 201921:04
cvelist
Github Security Blog
Apache Airflow vulnerable to XSS and local file disclosure
22 Nov 201913:45
github
NVD
CVE-2019-12417
30 Oct 201922:15
nvd
Prion
Arbitrary file deletion
30 Oct 201922:15
prion
Nvd
Vulners
Node
apacheairflowRange1.10.5
[
  {
    "product": "Apache Airflow",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Airflow up to 1.10.5"
      }
    ]
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Oct 2019 22:15Current
5.5Medium risk
Vulners AI Score5.5
CVSS23.5
CVSS34.8
EPSS0.001
63
.json
Report