CVE-2019-12417
published 2019-10-30
medium 4.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | <= 1.10.5 | — |
| apache | airflow | >= 0 < 1.10.6 | 1.10.6 |