6 matches found
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +124 more potentially affected by CVE-2021-45229 via apache-airflow (>=1.8.2 <=2.2.3)
apache-airflow PYPI version =1.8.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-45229 Source advisory: OSV:GHSA-65XW-PCQW-HJRH...
CVE-2021-45229
creationtimestamp| type| source ---|---|--- 2022-02-25 12:20:29+00:00| seen| https://t.me/cibsecurity/38076...
CVE-2021-45229
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +124 more potentially affected by CVE-2021-45229 via apache-airflow (>=1.8.2 <=2.2.3)
apache-airflow PYPI version =1.8.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-45229 Source advisory: OSV:PYSEC-2022-29...
CVE-2021-45229 Apache Airflow: Reflected XSS via Origin Query Argument in URL
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below...
CVE-2021-45229
The CVE-2021-45229 entry describes a reflected XSS in Apache Airflow: the Trigger DAG with config screen is vulnerable to XSS via the origin URL parameter, affecting Airflow 2.2.3 and earlier. The root cause is insufficient input handling for the origin parameter that can inject script into the b...