Aug 21, 2024 - 3:31 p.m.

CVE-2024-41937 Apache Airflow: Stored XSS Vulnerability on provider link

2024-08-21 15:31:13
CWE-79
apache
www.cve.org

EPSS

0.001

Percentile

38.6%

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

CNA Affected

[
  {
    "collectionURL": "https://pypi.python.org",
    "defaultStatus": "unaffected",
    "packageName": "apache-airflow",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.10.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]