PYSEC-2019-215

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2019-215.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2019-215

Aliases

CVE-2019-0229
GHSA-w6j4-3gh2-9f5j

Published

2019-04-10T20:29:00Z

Modified

2023-11-01T04:49:44.959198Z

Summary

[none]

Details

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.

References

https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/10/6
http://www.securityfocus.com/bid/107869
https://github.com/advisories/GHSA-w6j4-3gh2-9f5j

Affected packages

PyPI / apache-airflow

Package

Name: apache-airflow; View open source insights on deps.dev
Purl: pkg:pypi/apache-airflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.3b1

Affected versions

1.*

1.8.1

1.8.2rc1

1.8.2

1.9.0

1.10.0

1.10.1b1

1.10.1rc2

1.10.1

1.10.2b2

1.10.2rc1

1.10.2rc2

1.10.2rc3

1.10.2