CVE List

CVE-2019-12398

Moderate 4.8

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.

Published January 14, 2020.

Affected software

Get alerts for Apache Airflow

Reference links