EPSS
Percentile
35.6%
apache-airflow is vulnerable to cross-site request forgery (CSRF). A lack of request verification did not allow the webserver to determine the authenticity of HTTP requests, allowing a remote attacker to perform CSRF attacks.
lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E