Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache airflow vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-28359
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-...
Apache Airflow
6.1
CVSSv3
CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions before 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue com...
Apache Airflow
6.1
CVSSv3
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
6.1
CVSSv3
CVE-2020-9485
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability exists in the Chart pages of the the "classic" UI.
Apache Airflow
6.1
CVSSv3
CVE-2017-12614
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for thi...
Apache Airflow
5.9
CVSSv3
CVE-2023-39441
Apache Airflow SMTP Provider prior to 1.3.0, Apache Airflow IMAP Provider prior to 3.3.0, and Apache Airflow prior to 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificat...
Apache Airflow
Apache Apache-airflow-providers-smtp
Apache Apache-airflow-providers-imap
5.5
CVSSv3
CVE-2022-40954
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an malicious user to read arbtrary files in the task execution context, without write access to DAG files. Th...
Apache Airflow
Apache Apache-airflow-providers-apache-spark
5.5
CVSSv3
CVE-2018-20244
In Apache Airflow prior to 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
Apache Airflow
5.4
CVSSv3
CVE-2023-47265
Apache Airflow, versions 2.6.0 up to and including 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user w...
Apache Airflow
5.4
CVSSv3
CVE-2023-29247
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: prior to 2.6.0.
Apache Airflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »