CVE-2018-20244

Summary

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow <= 1.10.1affected

Weaknesses

  • Stored XSS

ADP Enrichment

CVE Program Container

Additional References

References