Filtered by vendor Apache Subscriptions
Filtered by product Airflow Subscriptions
Total 82 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-15720 1 Apache 1 Airflow 2024-11-21 N/A
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.
CVE-2017-12614 1 Apache 1 Airflow 2024-11-21 N/A
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.