Vulnerabilities > Apache > Airflow > 2.0.1

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-08-16 | CVE-2021-35936 | Missing Authentication for Critical Function vulnerability in Apache Airflow | If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and binds to 0.0.0.0 by default. | network | low complexity | apache | CWE-306 | 5.3 |
| 2021-05-02 | CVE-2021-28359 | Cross-site Scripting vulnerability in Apache Airflow | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. | network | low complexity | apache | CWE-79 | 6.1 |
| 2020-12-11 | CVE-2020-17515 | Cross-site Scripting vulnerability in Apache Airflow | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. | network | low complexity | apache | CWE-79 | 6.1 |
| 2020-09-17 | CVE-2020-13944 | Cross-site Scripting vulnerability in Apache Airflow | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. | network | low complexity | apache | CWE-79 | 6.1 |