CVE-2021-45229

CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-79 · XSS

Published February 25, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.

Key dates

Disclosure timeline

February 25, 2022 CVE published

August 4, 2024 Record updated