CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL

Tue, 01 Nov 2022 14:01:50 -0700 

Description:

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config"
screen was susceptible to XSS attacks via the `origin` query argument.

Credit:

The Apache Airflow PMC would like to thank id_No2015429 of 3H Security Team
for reporting this issue.

References:

https://github.com/apache/airflow/pull/27143

Reply via email to