Lucene search
GitHub Advisory DatabaseGHSA-J482-47XF-P25CHistoryJul 17, 2024 - 9:30 a.m.
Apache Airflow Potential Cross-site Scripting Vulnerability
2024-07-1709:30:48
CWE-74
CWE-79
GitHub Advisory Database
github.com
4
apache
airflow
cross-site scripting
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.5
Confidence
High
EPSS
0.001
Percentile
27.3%
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
Affected configurations
Node
apacheairflowRange<2.9.3
Related
osv
osv
CGA-45cj-mqr9-6j37
2024-07-18 18:19:42
CVE-2024-39863
2024-07-17 08:15:01
BIT-airflow-2024-39863
2024-07-19 07:16:29
vulnrichment
vulnrichment
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
2024-07-17 07:53:31
wolfi
wolfi
CVE-2024-39863 vulnerabilities
2024-09-19 21:18:36
nvd
nvd
CVE-2024-39863
2024-07-17 08:15:01
cvelist
cvelist
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
2024-07-17 07:53:31
veracode
veracode
Link Injection
2024-07-18 06:17:21
cve
cve
CVE-2024-39863
2024-07-17 08:15:01
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.5
Confidence
High
EPSS
0.001
Percentile
27.3%
Related for GHSA-J482-47XF-P25C