CVE-2022-43982

CVE-2022-43982: Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL

Vendor Apache Software Foundation
Product Apache Airflow
Weakness CWE-79 · XSS
Published November 2, 2022
Last update May 2, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

Key dates

Disclosure timeline

November 2, 2022 CVE published
May 2, 2025 Record updated