cbcvebase.
CVE-2020-13944
published 2020-09-17

CVE-2020-13944: In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

Affected

6 ranges
VendorProductVersion rangeFixed in
apacheairflow< 1.10.151.10.15
apacheairflow>= 1.0.0 < 1.10.151.10.15
apacheairflow>= 2.0.0 < 2.0.22.0.2
apache_software_foundationapache_airflow
apache_software_foundationapache_airflow
apache_software_foundationapache_airflow>= Apache Airflow < 1.10.151.10.15

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ghsa6.1MEDIUM
osv6.1MEDIUM