
0Xt4Req

#21505 of 53,633
11.3 Total CVSS
Vulnerabilities · 2
Low: 1
High: 1
PT-2023-8381
7.8
2023-12-21
Apache · Apache Airflow · CVE-2023-49920
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions 2.7.0 through 2.7.3

**Description**
The issue is related to insufficient authentication of executed requests in Apache Airflow, allowing an attacker to trigger a DAG in a GET request without CSRF validation. This could enable a malicious website opened in the same browser as the Airflow UI to trigger the execution of DAGs without the user's consent.

**Recommendations**
For Apache Airflow versions 2.7.0 through 2.7.3, upgrade to version 2.8.0 or later, which is not affected by this issue. As a temporary workaround, consider restricting access to the Airflow UI to minimize the risk of exploitation.

PT-2023-27172
3.5
2023-08-10
Nextcloud · Nextcloud Notes · CVE-2023-39955
**Name of the Vulnerable Software and Affected Versions**
Nextcloud Notes app versions 4.4.0 through 4.7.x

**Description**
The issue occurs when creating a note file with HTML in the Nextcloud Notes app. Instead of offering the file for download, the content is rendered in the preview. This affects versions prior to 4.8.0. No known workarounds are available for this issue.

**Recommendations**
For versions 4.4.0 through 4.7.x, update to version 4.8.0 to resolve the issue. At the moment, there is no information about other versions that contain a fix for this vulnerability.