Apache · Apache Airflow · CVE-2018-20244
Name of the Vulnerable Software and Affected Versions:
Apache Airflow versions prior to 1.10.2
Description:
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
Recommendations:
For versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue.