What is Apache Airflow CVE-2020-13944?

Apache Airflow CVE-2020-13944 is a vulnerability in Apache Airflow versions prior to 1.10.12 that allows for cross-site scripting (XSS) exploits through the 'origin' parameter in certain endpoints.

How severe is Apache Airflow CVE-2020-13944?

Apache Airflow CVE-2020-13944 has a severity score of 6.1 (Medium).

Which versions of Apache Airflow are affected by CVE-2020-13944?

Apache Airflow versions prior to 1.10.12 are affected by CVE-2020-13944, as well as versions 2.0.0 to 2.0.2.

How can I fix Apache Airflow CVE-2020-13944?

To fix Apache Airflow CVE-2020-13944, it is recommended to upgrade to version 1.10.12 or newer if using versions prior to 1.10.12, or upgrade to version 2.0.3 or newer if using versions 2.0.0 to 2.0.2.

Where can I find more information about Apache Airflow CVE-2020-13944?

More information about Apache Airflow CVE-2020-13944 can be found in the references provided: [Reference 1](http://www.openwall.com/lists/oss-security/2020/12/11/2), [Reference 2](http://www.openwall.com/lists/oss-security/2021/05/01/2), [Reference 3](https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E).

Vulnerability/
CVE-2020-13944

medium

6.1

CWE

17/9/2020

18/6/2021

11/9/2024

CVE-2020-13944: XSS

First published: Thu Sep 17 2020(Updated: )

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Airflow	<1.10.15
Apache Airflow	>=2.0.0<2.0.2
pip/apache-airflow	<1.10.12	1.10.12
	<1.10.15
	>=2.0.0<2.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is Apache Airflow CVE-2020-13944?
Apache Airflow CVE-2020-13944 is a vulnerability in Apache Airflow versions prior to 1.10.12 that allows for cross-site scripting (XSS) exploits through the 'origin' parameter in certain endpoints.
How severe is Apache Airflow CVE-2020-13944?
Apache Airflow CVE-2020-13944 has a severity score of 6.1 (Medium).
Which versions of Apache Airflow are affected by CVE-2020-13944?
Apache Airflow versions prior to 1.10.12 are affected by CVE-2020-13944, as well as versions 2.0.0 to 2.0.2.
How can I fix Apache Airflow CVE-2020-13944?
To fix Apache Airflow CVE-2020-13944, it is recommended to upgrade to version 1.10.12 or newer if using versions prior to 1.10.12, or upgrade to version 2.0.3 or newer if using versions 2.0.0 to 2.0.2.
Where can I find more information about Apache Airflow CVE-2020-13944?
More information about Apache Airflow CVE-2020-13944 can be found in the references provided: [Reference 1](http://www.openwall.com/lists/oss-security/2020/12/11/2), [Reference 2](http://www.openwall.com/lists/oss-security/2021/05/01/2), [Reference 3](https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E).

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-4pwq-fj89-6rjc
alias/CVE-2020-13944
agent/software-canonical-lookup
agent/severity
agent/references
agent/last-modified-date
agent/description
agent/author
agent/softwarecombine
agent/event
collector/nvd-cve
source/NVD
collector/github-advisory
agent/tags
agent/trending
vendor/apache
canonical/apache airflow
version/apache airflow/2.0.0
package-manager/pip