Vulnerabilities > Apache > Airflow > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-27 | CVE-2018-20244 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 5.5 |
2018-08-06 | CVE-2017-12614 | Cross-site Scripting vulnerability in Apache Airflow It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. | 6.1 |