First published: Fri Feb 25 2022
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Airflow | <=2.2.3 | |
pip/apache-airflow | >=0, <2.2.4rc1 | 2.2.4rc1 |
CVE-2021-45229 is a vulnerability that allows for XSS attacks via the `origin` query argument in the "Trigger DAG with config" screen of Apache Airflow versions 2.2.3 and below.
CVE-2021-45229 has a severity rating of 6.1, which is considered medium severity.
CVE-2021-45229 affects Apache Airflow versions 2.2.3 and below, making them vulnerable to XSS attacks on the "Trigger DAG with config" screen.
To fix CVE-2021-45229, upgrade to a version of Apache Airflow that is not affected by this vulnerability; for the pip package apache-airflow, the table above lists 2.2.4rc1 as the fixed version.
The Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability is CVE-2021-45229.
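
As an added illustration (not Airflow's code and not taken from this advisory), here is one way a web application can validate an `origin`-style query argument before reflecting it into a page, assuming the value ends up as a link target. The function name `safe_origin`, the fallback `/home` and the host `airflow.example.com` are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_ORIGIN = "/home"            # hypothetical fallback page
ALLOWED_SCHEMES = {"http", "https"}


def safe_origin(origin, request_host, default=DEFAULT_ORIGIN):
    """Return origin only if it is a same-host http(s) URL or a local path."""
    if not origin:
        return default
    # Browsers drop tabs/newlines and trim leading control characters before
    # parsing a URL, so reject whitespace and control bytes outright.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in origin):
        return default
    # Browsers read "\" as "/", which would turn "/\host" into "//host".
    if "\\" in origin:
        return default
    try:
        parts = urlsplit(origin)
    except ValueError:              # e.g. malformed IPv6 literal
        return default
    if parts.scheme:
        # Absolute URL: http(s) only, and only back to the host that served us.
        if parts.scheme not in ALLOWED_SCHEMES:
            return default
        if parts.netloc.lower() != request_host.lower():
            return default
        return origin
    # No scheme: accept a single-slash local path, not "//host/..." or "page".
    if parts.netloc or not origin.startswith("/") or origin.startswith("//"):
        return default
    return origin


if __name__ == "__main__":
    host = "airflow.example.com"    # constructed host name
    samples = [                     # constructed inputs
        "/tree?dag_id=example_dag",
        "https://airflow.example.com/home",
        "javascript:alert(1)",
        "//other.example/x",
        "https://other.example/x",
    ]
    for value in samples:
        print(f"{value!r:45} -> {safe_origin(value, host)!r}")
```

Validation of this kind complements, and does not replace, HTML-escaping the value when it is rendered into the template.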