BIT-AIRFLOW-2024-41937 Apache Airflow: Stored XSS Vulnerability on provider link

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the...

Cross Site Scripting(XSS)

apacheairflow is vulnerable to a Cross Site ScriptingXSS. The vulnerability is due to the ability of a malicious provider to execute a script when a user clicks on a provider documentation link in docs.py and provided the provider is installed on the web server, which allows an attacker to exploi...

PYSEC-2024-181

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and theuser to click the provid...

PT-2024-29645 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.0 Description: The issue allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This requires the provider to be installed on...