4 matches found
acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1), airflow-clickhouse-plugin (>=0.11.0 <=1.1.0rc2) +11 more potentially affected by CVE-2023-47265 via apache-airflow (>=2.6.3 <=2.8.0)
apache-airflow PYPI version =2.6.3, =0.10.5.2rc3, =0.11.0, =0.3.1, =0.0.1a0, =1.0.0rc1, =0.1.30, =0.0.1, =0.1.0, =1.2.0, =1.3.4, =1.3.5 Source cves: CVE-2023-47265 Source advisory: OSV:GHSA-PXCH-WR7M-RWXJ...
acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1), airflow-clickhouse-plugin (>=0.11.0 <=1.1.0rc2) +11 more potentially affected by CVE-2023-47265 via apache-airflow (>=2.6.3 <=2.8.0)
apache-airflow PYPI version =2.6.3, =0.10.5.2rc3, =0.11.0, =0.3.1, =0.0.1a0, =1.0.0rc1, =0.1.30, =0.0.1, =0.1.0, =1.2.0, =1.3.4, =1.3.5 Source cves: CVE-2023-47265 Source advisory: OSV:PYSEC-2023-264...
CVE-2023-47265 Apache Airflow: DAG Params alllow to embed unchecked Javascript
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the...
CVE-2023-47265
CVE-2023-47265 involves Apache Airflow, affecting versions 2.6.0 through 2.7.3. The issue is a stored XSS vulnerability in the parameter description field of a DAG, allowing a DAG author to inject unbounded, unsanitized JavaScript. This code executes in the browser sandbox of users viewing the DA...