airflow is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the variable view, when the variable template doesn’t exist. When this happens, the input is returned to the user without being escaped.
CPE | Name | Operator | Version |
---|---|---|---|
airflow | le | 1.8.0 | |
apache-airflow | le | 1.8.2 |