CVE-2020-17513

Summary

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow < 1.10.13affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References