Lucene search
K

2087 matches found

OSV
OSV
added 2020/07/17 12:15 a.m.8 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS8.8AI score0.99118EPSS
Exploits9References4
Prion
Prion
added 2020/07/17 12:15 a.m.17 views

Cross site scripting

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI...

4.3CVSS5.8AI score0.01965EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/17 12:15 a.m.11 views

Deserialization of untrusted data

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker Redis, RabbitMQ directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack and thus remote code...

7.5CVSS9.4AI score0.07225EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/17 12:15 a.m.20 views

Cross site scripting

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...

3.5CVSS5AI score0.01251EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2020/07/17 12:15 a.m.6 views

PYSEC-2020-23

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI...

6.1CVSS6.2AI score0.01965EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2020/07/17 12:15 a.m.7 views

PYSEC-2020-16

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker Redis, RabbitMQ directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack and thus remote code...

9.8CVSS7.5AI score0.07225EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/07/17 12:15 a.m.29 views

Command injection

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

6.5CVSS8.6AI score0.99118EPSS
Exploits9References3Affected Software1
OSV
OSV
added 2020/07/17 12:15 a.m.36 views

PYSEC-2020-14

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS5.1AI score0.99118EPSS
Exploits9References2
PyPA
PyPA
added 2020/07/17 12:15 a.m.5 views

PYSEC-2020-17

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...

5.4CVSS6AI score0.01251EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2020/07/17 12:15 a.m.5 views

PYSEC-2020-15

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

9.8CVSS7AI score0.3398EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/07/17 12:15 a.m.22 views

Design/Logic Flaw

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

7.5CVSS9.3AI score0.3398EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/07/17 12:15 a.m.40 views

PYSEC-2020-23

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI...

6.1CVSS3.1AI score0.01965EPSS
Exploits0References2
OSV
OSV
added 2020/07/17 12:15 a.m.34 views

PYSEC-2020-17

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...

5.4CVSS3.7AI score0.01251EPSS
Exploits0References2
OSV
OSV
added 2020/07/17 12:15 a.m.23 views

PYSEC-2020-15

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

9.8CVSS7AI score0.3398EPSS
Exploits1References2
OSV
OSV
added 2020/07/17 12:15 a.m.24 views

PYSEC-2020-16

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker Redis, RabbitMQ directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack and thus remote code...

9.8CVSS6.9AI score0.07225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/17 12:0 a.m.44 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS3.6AI score0.99118EPSS
In wildExploits9References4
Cvelist
Cvelist
added 2020/07/16 11:21 p.m.36 views

CVE-2020-9485

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI...

5.9AI score0.01965EPSS
Exploits0References1
CVE
CVE
added 2020/07/16 11:21 p.m.92 views

CVE-2020-9485

CVE-2020-9485 is a stored XSS issue affecting Apache Airflow 1.10.10 and earlier, specifically in the Chart pages of the classic UI. The vulnerability is the result of unvalidated input being reflected in the UI, enabling an attacker to inject script via the affected chart rendering. The provided...

6.1CVSS5.8AI score0.01965EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/16 11:21 p.m.31 views

CVE-2020-11983

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...

5.1AI score0.01251EPSS
Exploits0References1
CVE
CVE
added 2020/07/16 11:21 p.m.102 views

CVE-2020-11983

CVE-2020-11983 affects Apache Airflow versions 1.10.10 and earlier, where the RBAC UI admin screens mishandle escaping, enabling authenticated users with necessary permissions to perform stored XSS. The issue arises from improper input escaping in admin management screens of the new/RBAC UI, allo...

5.4CVSS5AI score0.01251EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder