t oo created AIRFLOW-4179:
-----------------------------
Summary: [security] ui - outdated libraries in use
Key: AIRFLOW-4179
URL: https://issues.apache.org/jira/browse/AIRFLOW-4179
Project: Apache Airflow
Issue Type: Bug
Components: security, ui
Reporter: t oo
"The Airflow application utilises the following three outdated libraries that
contain publicly disclosed security vulnerabilities:
-bootstrap 3.3.5
-moment.js 2.9.0
-jQuery 2.1.4"
Business Impact/Attack Scenario
The out of date libraries are vulnerable to attacks such as cross-site scripting
(XSS), which can be used to steal credentials, perform unauthorised actions,
redirect the user to a malicious site or track the user's actions, or denial of
service attacks.
Recommendation
"Update libraries to the latest versions at the time of writing as listed
below. If old libraries are required for compatibility reasons, update to the
latest version of the legacy branch and review whether the application is using
the vulnerable component to determine whether additional sanitisation of input
may be required.
Latest versions:
-bootstrap 4.3.1
-moment.js 2.19.3
-jQuery 3.3.1"
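One way to check bundled front-end files against the versions recommended above, as an added example that is not part of the issue or of the Airflow code base. The file paths, the banner patterns and the sample headers are assumptions constructed for illustration.

```python
import re

# Versions the report recommends updating to (taken from the issue text).
RECOMMENDED = {"bootstrap": "4.3.1", "moment.js": "2.19.3", "jquery": "3.3.1"}

# Assumption: these patterns match the header comments the libraries
# conventionally ship with; a minifier may strip them.
BANNERS = {
    "bootstrap": re.compile(r"Bootstrap v(\d+(?:\.\d+)+)"),
    "moment.js": re.compile(r"//! version : (\d+(?:\.\d+)+)"),
    "jquery": re.compile(r"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+)+)"),
}

def parse_version(text):
    """Compare numerically: as strings, '2.9.0' would sort after '2.19.3'."""
    return tuple(int(p) for p in text.split("."))

def identify(source):
    """Return (library, version) from a file's header, or None if unknown."""
    for name, pattern in BANNERS.items():
        m = pattern.search(source[:2048])
        if m:
            return name, m.group(1)
    return None

def audit(files):
    """Map path -> (library, found, recommended) for every outdated bundle."""
    findings = {}
    for path, source in files.items():
        hit = identify(source)
        if hit is None:
            continue
        name, found = hit
        if parse_version(found) < parse_version(RECOMMENDED[name]):
            findings[path] = (name, found, RECOMMENDED[name])
    return findings

# Constructed sample headers (hypothetical paths), using the reported versions.
SAMPLE = {
    "static/bootstrap.min.js": "/*!\n * Bootstrap v3.3.5 (http://getbootstrap.com)\n */",
    "static/moment.js": "//! moment.js\n//! version : 2.9.0\n",
    "static/jquery.min.js": "/*! jQuery v2.1.4 | (c) jQuery Foundation */",
    "static/jquery-new.js": "/*! jQuery v3.3.1 | (c) JS Foundation */",
    "static/app.js": "console.log('no banner');",
}

if __name__ == "__main__":
    for path, (name, found, want) in sorted(audit(SAMPLE).items()):
        print(f"{path}: {name} {found} < {want}")
```

Files without a recognisable banner are skipped rather than reported as current, so they still need a manual check.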