Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2023/12/21 12:30 p.m.4 views

acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1), airflow-clickhouse-plugin (>=0.11.0 <=1.1.0rc2) +11 more potentially affected by CVE-2023-47265 via apache-airflow (>=2.6.3 <=2.8.0)

apache-airflow PYPI version =2.6.3, =0.10.5.2rc3, =0.11.0, =0.3.1, =0.0.1a0, =1.0.0rc1, =0.1.30, =0.0.1, =0.1.0, =1.2.0, =1.3.4, =1.3.5 Source cves: CVE-2023-47265 Source advisory: OSV:GHSA-PXCH-WR7M-RWXJ...

5.4CVSS6AI score0.01344EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/21 10:15 a.m.7 views

acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1), airflow-clickhouse-plugin (>=0.11.0 <=1.1.0rc2) +11 more potentially affected by CVE-2023-47265 via apache-airflow (>=2.6.3 <=2.8.0)

apache-airflow PYPI version =2.6.3, =0.10.5.2rc3, =0.11.0, =0.3.1, =0.0.1a0, =1.0.0rc1, =0.1.30, =0.0.1, =0.1.0, =1.2.0, =1.3.4, =1.3.5 Source cves: CVE-2023-47265 Source advisory: OSV:PYSEC-2023-264...

5.4CVSS6AI score0.01344EPSS
Exploits0
Cvelist
Cvelist
added 2023/12/21 9:28 a.m.30 views

CVE-2023-47265 Apache Airflow: DAG Params alllow to embed unchecked Javascript

Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the...

5.5AI score0.01344EPSS
Exploits0References3
CVE
CVE
added 2023/12/21 9:28 a.m.64 views

CVE-2023-47265

CVE-2023-47265 involves Apache Airflow, affecting versions 2.6.0 through 2.7.3. The issue is a stored XSS vulnerability in the parameter description field of a DAG, allowing a DAG author to inject unbounded, unsanitized JavaScript. This code executes in the browser sandbox of users viewing the DA...

5.4CVSS5.3AI score0.01344EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder