CVE-2024-39863

CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-79 · XSS

Published July 17, 2024

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.

Key dates

Disclosure timeline

July 17, 2024 CVE published

September 13, 2024 Record updated