apache-airflow is vulnerable to cross-site scripting (XSS). An administrative user is able to edit the state of objects in the metadata database to contain malicious JavaScript, which will execute in a victim’s browser when rendered. This vulnerability also allows reading arbitrary files that the web server worker process is permitted to read.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache-airflow | le | 1.10.5 |
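
To check pinned dependencies against the affected range in the table above, the following added example (not part of the advisory or of the Airflow project) scans a requirements file for exact `apache-airflow` pins at or below 1.10.5. The function names, the extra operator names and the sample file are assumptions made for illustration, and versions are compared on their numeric release segment only.

```python
import re

# Affected range from the advisory table: apache-airflow, operator "le", version 1.10.5.
AFFECTED = {"name": "apache-airflow", "operator": "le", "version": "1.10.5"}
# Only "le" appears on the page; "lt" and "eq" are assumed operator names.
OPERATORS = {
    "le": lambda a, b: a <= b,
    "lt": lambda a, b: a < b,
    "eq": lambda a, b: a == b,
}
# Matches exact pins such as "Apache_Airflow[crypto]==1.10.3  # comment".
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def normalize(name):
    """PEP 503 normalization: case-insensitive; runs of -, _ and . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release segment as a tuple, e.g. '1.10.5rc1' -> (1, 10, 5)."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 1.10.0 and 1.10 as equal
        parts.pop()
    return tuple(parts)

def affected_pins(requirements_text, rule=AFFECTED):
    """Return (line_no, version) for each exact pin inside the affected range."""
    hits = []
    compare = OPERATORS[rule["operator"]]
    for no, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN.match(line)
        if m and normalize(m.group(1)) == normalize(rule["name"]):
            if compare(release_tuple(m.group(2)), release_tuple(rule["version"])):
                hits.append((no, m.group(2)))
    return hits

# Constructed sample requirements file, for illustration only.
SAMPLE = """\
# web tier
Apache_Airflow[crypto]==1.10.3
flask==1.1.1
apache-airflow==1.10.5   # scheduler image
apache-airflow==1.10.6
apache-airflow == 1.10.5rc1
"""
if __name__ == "__main__":
    for no, ver in affected_pins(SAMPLE):
        print(f"line {no}: apache-airflow {ver} is within the affected range")
```

Unpinned or range-style requirements (for example `apache-airflow>=1.10`) are not evaluated by this check and need to be resolved against the installed environment instead.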