PYSEC-2020-23

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2020-23.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2020-23
Aliases
Published
2020-07-17T00:15:00Z
Modified
2023-12-06T00:45:41.622199Z
Summary
[none]
Details

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI.

References

Affected packages

PyPI / apache-airflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.11rc1

Affected versions

1.*

1.8.1
1.8.2rc1
1.8.2
1.9.0
1.10.0
1.10.1b1
1.10.1rc2
1.10.1
1.10.2b2
1.10.2rc1
1.10.2rc2
1.10.2rc3
1.10.2
1.10.3b1
1.10.3b2
1.10.3rc1
1.10.3rc2
1.10.3
1.10.4b2
1.10.4rc1
1.10.4rc2
1.10.4rc3
1.10.4rc4
1.10.4rc5
1.10.4
1.10.5rc1
1.10.5
1.10.6rc1
1.10.6rc2
1.10.6
1.10.7rc1
1.10.7rc2
1.10.7rc3
1.10.7
1.10.8rc1
1.10.8
1.10.9rc1
1.10.9
1.10.10rc1
1.10.10rc2
1.10.10rc3
1.10.10rc4
1.10.10rc5
1.10.10