Hi Airflow community, Please find below the information about a vulnerability which has been addressed in Apache Airflow v1.10.13. Airflow 1.10.13 contains a bug so I would recommend users to upgrade to Airflow 1.10.14 (released yesterday):
*CVE-2020-17513: Apache Airflow Server-Side Request Forgery (SSRF) in Charts & Query View* *Description*: In Airflow < 1.10.13, The Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Thanks. Kaxil @ Airflow PMC