Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-74073)

Apache Airflow is a community-created platform for programmatically authoring, scheduling, and monitoring workflows. a cross-site scripting vulnerability exists in versions of Apache Airflow prior to 2.4.2. The vulnerability is related to the affected version not properly filtering user input. Th...

PT-2022-27052 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.2 Description: The issue concerns an XSS attack via the origin query argument in the "Trigger DAG with config" screen. Recommendations: For versions prior to 2.4.2, update to version 2.4.2 or later to...