Apache · Apache Airflow · CVE-2020-17513
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 1.10.13
**Description**
The Charts and Query View of the old (Flask-admin based) UI in Apache Airflow were vulnerable to a Server-Side Request Forgery (SSRF) attack.
**Recommendations**
For versions prior to 1.10.13, update to version 1.10.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the Charts and Query View of the old UI to minimize the risk of exploitation.