In Apache Airflow versions before 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
apache airflow