CVE-2021-45229

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
25/02/2022
Last modified:
04/03/2022

Description

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* 2.2.3 (including)


References to Advisories, Solutions, and Tools