2 matches found
CVE-2022-24288
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
CVE-2021-45229
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below.