Date: Sun, 07 May 2023 17:02:53 +0000 From: Pierre Jeambrun <pierrejeambrun@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2023-29247: Stored XSS on Apache Airflow Severity: important Affected versions: - Apache Airflow before 2.6.0 Description: Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. Credit: taidh from VNPT - VCI (finder) kuteminh11 (finder) References: https://github.com/apache/airflow/pull/30447 https://github.com/apache/airflow/pull/30779 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-29247
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.