CVE-2020-13944

Summary

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

Affected Software

VendorProductVersion RangeStatus
n/aApache AirflowApache Airflow < 1.10.12affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References