2 matches found
PYSEC-2023-264
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG.This Javascript can be executed on the client side of any of the user who looks at the tasks in the...
PT-2023-8379 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.6.0 through 2.7.3 Description: The issue is related to a stored XSS vulnerability that allows a DAG author to add unbounded and not-sanitized JavaScript in the parameter description field of the DAG. This JavaScript...