CVE-2020-13944
Cross-site Scripting in pypi/apache-airflow
Identifiers
CVE-2020-13944
Package Slug
pypi/apache-airflow
Vulnerability
Cross-site Scripting
Description
In Apache Airflow, the origin parameter passed to endpoints like /trigger is vulnerable to XSS.
Affected Versions
All versions before 1.10.12
Solution
Upgrade to version 1.10.12 or above.
Last Modified
2020-09-22
| source |