PT-2024-5041 · Apache · Apache Airflow
Amogh Desai +1 · Published 2024-07-16 · Updated 2024-08-01
CVE-2024-39863
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Apache Airflow versions prior to 2.9.3
Description:
The Provider component of Apache Airflow does not protect the structure of the web page, which allows an authenticated attacker to inject a malicious link when installing a provider. This can lead to a cross-site scripting (XSS) attack.
Recommendations:
For Apache Airflow versions prior to 2.9.3, upgrade to version 2.9.3 to fix the issue.
Fix
XSS
Special Elements Injection
Affected Products
Apache Airflow