63 matches found
PYSEC-2020-162
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...
PYSEC-2020-162
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...
PYSEC-2020-181
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...
CVE-2019-12398
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...
GHSA-Q3P4-GW7R-WQJC Apache Airflow vulnerable to XSS and local file disclosure
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
Apache Airflow vulnerable to XSS and local file disclosure
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
Cross-Site Scripting (XSS)
apache-airflow is vulnerable to cross-site scripting XSS. An administrative user is able to edit the state of objects in the metadata database to contain malicious Javascript, which will execute in a victim's browser when rendered. This vulnerability also allows reading of arbirary files permitte...
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
Arbitrary file deletion
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
PYSEC-2019-216
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
GHSA-8P7V-2JVJ-V54R Apache Airflow vulnerable to Stored XSS
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Apache Airflow vulnerable to Stored XSS
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-214
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
GHSA-99CV-8CVV-666C Apache Airflow vulnerable to Stored XSS
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Apache Airflow vulnerable to Stored XSS
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Cross-Site Scripting (XSS)
apache-airflow is vulnerable to cross-site scripting XSS. An admin user is able to inject arbitrary Javascript into a victim's browser through the modification of state of objects in the metadata database, which would execute on certain page views...
CVE-2018-20244
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-142
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
CVE-2018-20244
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
CVE-2018-12088
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is...