EPSS
Percentile
54.6%
apache_airflow is vulnerable to open redirect attacks. The vulnerability exists in confirm function of views.py because of an open redirect in the webserver’s confirm endpoint which allows an attacker to provide malicious URLs.
confirm
views.py
github.com/apache/airflow/pull/26409
github.com/apache/airflow/pull/26409/commits/471ff463be8812efcebcba4e430631f255f74f26
github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2022-280.yaml
lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm