Camille TOLSA created AIRFLOW-1260:
--------------------------------------

             Summary: FLOWER XSS Vulnerability
                 Key: AIRFLOW-1260
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1260
             Project: Apache Airflow
          Issue Type: Bug
          Components: webapp
    Affects Versions: Airflow 1.7.1.3
            Reporter: Camille TOLSA
            Priority: Critical


The affected functions are WorkerQueueAddConsumer() and
WorkerQueueCancelConsumer() from the flower/static/js/flower.js file.

The use of the .html() function instead of .text() allows script execution.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
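
To audit a script for the pattern this report describes, the following heuristic scanner flags every jQuery `.html()` call whose argument is not a plain string literal; each hit is a candidate for `.text()`. It is an added example, not code from Flower or from the reporter. The sample source, its element IDs and `data.message` are constructed for illustration.

```javascript
// Added example: line-based heuristic, not a full JavaScript parser.
// Flags .html(<expr>) where <expr> is anything other than one quoted literal.
function findHtmlSinks(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    let from = 0;
    for (;;) {
      const at = line.indexOf('.html(', from);
      if (at === -1) break;
      from = at + 1;
      const arg = readArgument(line, at + '.html('.length);
      // .html() with no argument is a getter; a lone literal carries no response data.
      if (arg === '' || isStringLiteral(arg)) continue;
      findings.push({ line: idx + 1, argument: arg });
    }
  });
  return findings;
}

// Returns the text between the opening paren and its matching close,
// skipping parentheses that appear inside quoted strings.
function readArgument(line, start) {
  let depth = 1, quote = null;
  for (let i = start; i < line.length; i++) {
    const ch = line[i];
    if (quote) {
      if (ch === '\\') i++;
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'" || ch === '`') quote = ch;
    else if (ch === '(') depth++;
    else if (ch === ')' && --depth === 0) return line.slice(start, i).trim();
  }
  return line.slice(start).trim(); // call continues on a later line: still reported
}

// True only for a single '...' or "..." literal; template literals are treated as dynamic.
function isStringLiteral(arg) {
  return /^(['"])(?:\\.|(?!\1)[^\\])*\1$/.test(arg);
}

// Constructed sample: one unsafe sink, one static literal, one getter, one .text() call.
const SAMPLE = [
  "function onSuccess(data) {",
  "  $('#alert-message').html('<strong>Success!</strong> ' + data.message);",
  "  $('#static').html('<em>Loading</em>');",
  "  var current = $('#panel').html();",
  "  $('#safe').text(data.message);",
  "}",
].join('\n');
console.log(findHtmlSinks(SAMPLE));
```

Each finding still needs manual review: a flagged argument is only a problem when it can carry attacker-influenced data, and markup that must stay can be kept as a literal while the dynamic part is set with `.text()` on a child element.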
