PT-2024-29645 · Apache · Apache Airflow

Amogh Desai · Published 2024-08-21 · Updated 2024-09-07 · CVE-2024-41937

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.0
Description: The issue allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This requires the provider to be installed on the web server and the user to click the provider link.
Recommendations: For Apache Airflow versions prior to 2.10.0, upgrade to 2.10.0 or later, which fixes this issue. As a temporary workaround, consider restricting access to provider documentation links to minimize the risk of exploitation.
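The advisory does not state the exact injection point, only that a link supplied by an installed provider package is rendered in the web UI and becomes dangerous when clicked. The following Python is an added illustration of the defensive pattern that class of bug calls for, written for this page and not taken from Apache Airflow or from the 2.10.0 fix: treat provider-supplied link metadata as untrusted, allow only http/https URLs with a host, and HTML-escape both the link text and the href attribute before emitting markup. The function names, the sample provider records and the HTML shape are assumptions for the example.

```python
from html import escape
from urllib.parse import urlsplit

# Hypothetical helper (not Airflow code): only absolute web URLs may become
# clickable documentation links in the UI.
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_doc_link(url):
    """Return True only for http(s) URLs with a host and no control characters."""
    if not isinstance(url, str) or not url:
        return False
    # Browsers skip ASCII whitespace and control characters while parsing a
    # scheme, so reject them outright instead of trying to normalise.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    parts = urlsplit(url)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_provider_link(name, url):
    """Render a provider entry; unsafe URLs degrade to escaped plain text."""
    safe_name = escape(name)
    if not is_safe_doc_link(url):
        # No anchor at all: the provider name is shown, the link is dropped.
        return safe_name
    return (
        f'<a href="{escape(url)}" rel="noopener noreferrer" '
        f'target="_blank">{safe_name}</a>'
    )


def audit_provider_links(providers):
    """Return the names of providers whose documentation URL would be rejected."""
    return [p["name"] for p in providers if not is_safe_doc_link(p.get("doc_url"))]


# Constructed sample metadata, as a UI might collect it from installed packages.
SAMPLE_PROVIDERS = [
    {"name": "apache-airflow-providers-http",
     "doc_url": "https://airflow.apache.org/docs/apache-airflow-providers-http/stable/"},
    {"name": "example-provider-a", "doc_url": "javascript:alert(1)"},
    {"name": "example-provider-b", "doc_url": "data:text/html,hello"},
    {"name": "example-provider-c", "doc_url": "java\tscript:alert(1)"},
    {"name": "example-provider-d", "doc_url": "//example.invalid/docs"},
    {"name": "example-provider-e", "doc_url": None},
]

if __name__ == "__main__":
    for p in SAMPLE_PROVIDERS:
        print(render_provider_link(p["name"], p.get("doc_url")))
    print("rejected:", audit_provider_links(SAMPLE_PROVIDERS))
```

The scheme allow-list is the part that matters for this advisory: escaping alone does not help when the whole href is attacker-controlled, because a syntactically valid URL with a script-bearing scheme survives escaping untouched. Dropping the anchor rather than substituting a placeholder keeps the failure visible to an administrator auditing installed providers.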

Fix

Weakness Enumeration

XSS

Related Identifiers

BIT-AIRFLOW-2024-41937
CVE-2024-41937
GHSA-W7CP-G8V7-R54M
PYSEC-2024-181

Affected Products

Apache Airflow