vulnrichment | Apache | VULNRICHMENT:CVE-2024-41937
History: Aug 21, 2024 - 3:31 p.m.

CVE-2024-41937 Apache Airflow: Stored XSS Vulnerability on provider link

2024-08-21 15:31:13
CWE-79
apache
github.com
6
apache airflow
cross-site scripting
vulnerability
cve-2024-41937
provider link

AI Score: 6.3
Confidence: High
EPSS: 0.001
Percentile: 38.6%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

Apache Airflow versions before 2.10.0 have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when a user clicks on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability.
