Identifier

CVE-2020-11983

Package Slug

pypi/apache-airflow

Vulnerability

Cross-site Scripting

Description

An issue was found in Apache Airflow. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.

Affected Versions

All versions up to 1.10.10

Solution

Upgrade to version 1.10.11 or above.

Last Modified

2020-07-23

source