Lucene search
+L

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0040

Malware in sbrugna...

6.1CVSS6.5AI score0.16028EPSS
Exploits0References27
OSV
OSV
added 2024/03/06 11:0 a.m.30 views

BIT-AIRFLOW-2020-17515

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

6.1CVSS6AI score0.16028EPSS
Exploits0References9
OSV
OSV
added 2024/03/06 10:59 a.m.31 views

BIT-AIRFLOW-2021-28359 Apache Airflow Reflected XSS via Origin Query Argument in URL

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...

6.1CVSS6.7AI score0.14389EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/06/18 6:43 p.m.120 views

Cross-site Scripting in Apache Airflow

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...

6.1CVSS6.5AI score0.14389EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/04/20 4:40 p.m.56 views

GHSA-86VP-X3PR-79RX Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944

The origin parameter passed to some of the endpoints like /trigger was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.15. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

6.1CVSS6AI score0.16028EPSS
Exploits0References22
Github Security Blog
Github Security Blog
added 2021/04/20 4:40 p.m.75 views

Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944

The origin parameter passed to some of the endpoints like /trigger was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.15. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

6.1CVSS6AI score0.25076EPSS
Exploits0References21Affected Software1
Prion
Prion
added 2020/12/11 2:15 p.m.33 views

Design/Logic Flaw

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

4.3CVSS5.7AI score0.25076EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2020/09/17 2:15 p.m.24 views

CVE-2020-13944

In Apache Airflow 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit...

6.1CVSS0.25076EPSS
Exploits0References9
CVE
CVE
added 2020/09/17 2:1 p.m.112 views

CVE-2020-13944

The vulnerability described as CVE-2020-13944 affects Apache Airflow via a Cross‑Site Scripting (XSS) flaw in the origin parameter for some endpoints (notably /trigger) in older Airflow releases. Connected advisories reiter that the issue occurs in <1.10.12 (and related

6.1CVSS5.8AI score0.25076EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder