Vulnerabilities > Apache > Airflow > 1.10.1

DATE CVE VULNERABILITY TITLE RISK
2020-07-17 CVE-2020-9485 Cross-site Scripting vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-79
6.1
6.1
2020-07-17 CVE-2020-11983 Cross-site Scripting vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-79
5.4
5.4
2020-07-17 CVE-2020-11982 Deserialization of Untrusted Data vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2020-07-17 CVE-2020-11981 OS Command Injection vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-78
critical
 9.8
9.8
2020-07-17 CVE-2020-11978 OS Command Injection vulnerability in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below.
network
low complexity
apache CWE-78
8.8
8.8
2020-01-14 CVE-2019-12398 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
4.8
4.8
2019-10-30 CVE-2019-12417 Cross-site Scripting vulnerability in Apache Airflow
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
4.8
4.8
2019-04-10 CVE-2019-0229 Cross-Site Request Forgery (CSRF) vulnerability in Apache Airflow
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
network
low complexity
apache CWE-352
8.8
8.8
2019-04-10 CVE-2019-0216 Cross-site Scripting vulnerability in Apache Airflow
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
4.8
4.8
2019-02-27 CVE-2018-20244 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
5.5
5.5