Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozOGMtMjVmai1tcjg0

Moderate CVSS: 5.3 EPSS: 0.02134% (0.82638 Percentile) EPSS:
Permalink JSON

Stored XSS in Apache Airflow

Affected Packages Affected Versions Fixed Versions
pypi:apache-airflow < 1.10.11 1.10.11
314 Dependent packages
1,554 Dependent repositories
15,393,544 Downloads last month

Affected Version Ranges

All affected versions

1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10

All unaffected versions

1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.11.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI.

References:

Identifiers

GHSA-j38c-25fj-mr84

CVE-2020-9485

Risk

Severity

Moderate

CVSS

CVSS Score: 5.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS

EPSS Percentage: 0.02134

EPSS Percentile: 0.82638

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

about 5 years ago

Updated

11 months ago

API

JSON