5 matches found
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
datamorph-workflow-generator (=0.0.2), i2b2-import (>=0.0.1 <=1.5.34) +1 more potentially affected by CVE-2019-12417 via airflow (=0.6.0)
airflow PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on airflow and may be impacted: - datamorph-workflow-generator =0.0.2 - i2b2-import =0.0.1, =1.5.34 - pandasdb =0.0.10 Source cves: CVE-2019-12417 Source advisory:...
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
CVE-2019-12417
CVE-2019-12417 affects Apache Airflow. A malicious admin user could edit the state of objects in the Airflow metadata database, triggering arbitrary JavaScript execution on affected page views (cross-site scripting). The same action also enables a Local File Disclosure to access files readable by...