Vulnerabilities > Apache > Airflow > 2.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-16 | CVE-2021-35936 | Missing Authentication for Critical Function vulnerability in Apache Airflow If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. | 5.3 |
2021-05-02 | CVE-2021-28359 | Cross-site Scripting vulnerability in Apache Airflow The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | 6.1 |
2020-12-11 | CVE-2020-17515 | Cross-site Scripting vulnerability in Apache Airflow The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | 6.1 |
2020-09-17 | CVE-2020-13944 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | 6.1 |