Venkat

#20592 of 53,624
12.3 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2020-20573 · CVSS 7.5 · 2020-08-28
Netflix · Spinnaker · CVE-2020-9298

**Name of the Vulnerable Software and Affected Versions**
Spinnaker (affected versions not specified)

**Description**
The Spinnaker template resolution functionality is susceptible to Server-Side Request Forgery (SSRF), allowing an attacker to send requests on behalf of Spinnaker, potentially leading to sensitive data disclosure.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2020-9308 · CVSS 4.8 · 2020-01-14
Apache · Apache Airflow · CVE-2019-12398

**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 1.10.5

**Description**
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views when running with the classic UI. The new RBAC UI is unaffected.

**Recommendations**
For versions prior to 1.10.5, update to version 1.10.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the classic UI until the update is applied.