Apache Airflow Reflected Cross-site Scripting vulnerability in 404 Endpoint
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 23, 2024
Description
Published by the National Vulnerability Database
Aug 6, 2018
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Feb 23, 2024
Last updated
Feb 23, 2024
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. However Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.
References