CVE-2021-28359

Cross-site Scripting in pypi/apache-airflow

Identifiers

CVE-2021-28359

Package Slug

pypi/apache-airflow

Vulnerability

Cross-site Scripting

Description

The origin parameter passed to some endpoints, such as /trigger, is vulnerable to XSS. This is the same issue as CVE-2020-13944 and CVE-2020-17515; the fix implemented for those did not resolve it completely.

Affected Versions

All versions starting from 1.0.0 before 1.10.15, all versions starting from 2.0.0 before 2.0.2

Solution

Upgrade to versions 1.10.15, 2.0.2 or above.
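A check of a version string against the affected ranges listed above, as an added example that is not part of the advisory or of Airflow itself. The function names are hypothetical, and treating pre-releases (rc, beta, dev) of a fixed version as affected is a conservative assumption.

```python
import re
from importlib import metadata

# Ranges copied from "Affected Versions": start inclusive, fixed version exclusive.
AFFECTED_RANGES = [((1, 0, 0), (1, 10, 15)), ((2, 0, 0), (2, 0, 2))]

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$")
# Suffixes that sort BEFORE the plain release number (PEP 440 pre/dev releases).
_PRE_RE = re.compile(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)


def parse_version(text):
    """Return (release_tuple, is_prerelease) for a PEP 440-style version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad "2.0" to (2, 0, 0)
    return release, bool(_PRE_RE.match(m.group(2)))


def is_affected(version_text):
    """True if the version falls inside one of the advisory's affected ranges."""
    release, prerelease = parse_version(version_text)
    for start, fixed in AFFECTED_RANGES:
        if start <= release < fixed:
            return True
        # Assumption: 2.0.2rc1 sorts before 2.0.2, so it is reported as affected.
        if prerelease and release == fixed:
            return True
    return False


def installed_airflow_status(dist="apache-airflow"):
    """Return (version, affected) for the installed package, or None if absent."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)


if __name__ == "__main__":
    # Constructed sample versions, followed by the local environment (if any).
    for sample in ("1.10.14", "1.10.15", "2.0.1", "2.0.2rc1", "2.0.2"):
        print(sample, "affected" if is_affected(sample) else "not affected")
    print("installed:", installed_airflow_status())
```

Run it inside the same virtual environment or container image that serves the Airflow webserver, since that is the component exposing the affected endpoints.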

Last Modified

2021-05-12
