Thx for sending this out Ash!

-s

On Mon, Aug 6, 2018 at 2:29 AM Ash Berlin-Taylor <a...@apache.org> wrote:
> CVE-2017-12614: Apache Reflected Reflected XSS Vulnerability
>
> Vendor: The Apache Software Foundation:
>
> Versions Affected: < 1.9
>
> Description:
> It was noticed an XSS in certain 404 pages that could be exploited to
> perform an XSS attack. Chrome will detect this as a reflected XSS attempt
> and prevent the page from loading. Firefox and other browsers don't, and
> are vulnerable to this attack.
>
> Mitigation:
> The fix for this is to upgrade to Apache Airflow 1.9.0 or above
>
> Credit:
> This issue was discovered by Seth Long at Credit Karma