Filtered by vendor Apache
Subscriptions
Filtered by product Airflow
Subscriptions
Total
82 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15720 | 1 Apache | 1 Airflow | 2024-11-21 | N/A |
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object. | ||||
CVE-2017-12614 | 1 Apache | 1 Airflow | 2024-11-21 | N/A |
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. |