Correction the issue only affects < 1.10.12 (not <= 1.10.12) On Wed, Sep 16, 2020, 12:27 Kaxil Naik <[email protected]> wrote:
> Versions Affected: <= 1.10.12 > Description: > The "origin" parameter passed to some of the endpoints like '/trigger' was > vulnerable to XSS exploit. > > Credit: > The issue was independently discovered and reported by Ali Al-Habsi of > Accellion & Everardo Padilla Saca. > > Thanks, > Kaxil, > on behalf of Apache Airflow PMC >
