CVE-2023-29247: Apache Airflow vulnerable to stored Cross-site Scripting
The task instance details page in the Airflow UI is vulnerable to stored cross-site scripting. This issue affects Apache Airflow versions before 2.6.0.
References
- github.com/advisories/GHSA-vcf6-3wv2-5vcr
- github.com/apache/airflow
- github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75
- github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e
- github.com/apache/airflow/pull/30447
- github.com/apache/airflow/pull/30779
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml
- lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl
- nvd.nist.gov/vuln/detail/CVE-2023-29247