CVE-2021-45229: XSS
First published: Fri Feb 25 2022(Updated: )
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Airflow | <=2.2.3 | |
| pip/apache-airflow | <2.2.4 | 2.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45229?
CVE-2021-45229 is a vulnerability that allows for XSS attacks via the `origin` query argument in the "Trigger DAG with config" screen of Apache Airflow versions 2.2.3 and below.
How severe is CVE-2021-45229?
CVE-2021-45229 has a severity rating of 6.1, which is considered medium severity.
How does CVE-2021-45229 affect Apache Airflow?
CVE-2021-45229 affects Apache Airflow versions 2.2.3 and below, making them vulnerable to XSS attacks on the "Trigger DAG with config" screen.
How can I fix CVE-2021-45229?
To fix CVE-2021-45229, it is recommended to upgrade to a version of Apache Airflow that is not affected by this vulnerability.
What is the Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability?
The Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability is CVE-2021-45229.
- collector/nvd-index
- agent/first-publish-date
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-65xw-pcqw-hjrh
- alias/CVE-2021-45229
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/tags
- agent/author
- collector/github-advisory
- vendor/apache
- canonical/apache airflow
- version/apache airflow/2.2.3
- package-manager/pip