5 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +132 more potentially affected by CVE-2022-43982 via apache-airflow (>=1.8.2 <=2.4.0)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2022-43982 Source advisory: OSV:GHSA-H63R-9XXF-F2C7...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +132 more potentially affected by CVE-2022-43982 via apache-airflow (>=1.8.2 <=2.4.0)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2022-43982 Source advisory: OSV:PYSEC-2022-42970...
CVE-2022-43982 Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...
CVE-2022-43982
CVE-2022-43982 (Apache Airflow) refers to a cross-site scripting vulnerability in versions prior to 2.4.2, where the Trigger DAG with config screen is vulnerable to XSS via the origin query parameter. The issue arises in the web UI when user-supplied data in origin is reflected back, potentially ...
CVE-2022-43982 Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...