In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
{ "cpes": [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" ], "severity": "Medium" }