CVE-2021-28359
pypi/apache-airflow
Cross-site Scripting
The origin
parameter passed to some of the endpoints like /trigger
is vulnerable to XSS. This is the same issue as CVE-2020-13944 and CVE-2020-17515 but the implemented fix does not fix the issue completely.
All versions starting from 1.0.0 before 1.10.15, all versions starting from 2.0.0 before 2.0.2
Upgrade to versions 1.10.15, 2.0.2 or above.
2021-05-12
source |