CVE-2020-17513: In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.

2 ranges

Vendor	Product	Version range	Fixed in
apache	airflow	< 1.10.13	1.10.13
apache_software_foundation	apache_airflow	>= Apache Airflow < 1.10.13	1.10.13