[jira] [Closed] (AIRFLOW-1617) XSS Vulnerability in Variable endpoint
[ https://issues.apache.org/jira/browse/AIRFLOW-1617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bolke de Bruin closed AIRFLOW-1617. --- Resolution: Fixed > XSS Vulnerability in Variable endpoint > -- > > Key: AIRFLOW-1617 > URL: https://issues.apache.org/jira/browse/AIRFLOW-1617 > Project: Apache Airflow > Issue Type: Bug > Components: webserver >Affects Versions: 1.8.2 >Reporter: Bolke de Bruin >Priority: Critical > Labels: security > Fix For: 1.9.0 > > > Variable view has an XSS vulnerability when the Variable template does not > exist. The input is returned to the user as is, without escaping. > Original report by Seth Long. CVE is pending -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (AIRFLOW-1617) XSS Vulnerability in Variable endpoint
[ https://issues.apache.org/jira/browse/AIRFLOW-1617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bolke de Bruin closed AIRFLOW-1617. --- Resolution: Fixed > XSS Vulnerability in Variable endpoint > -- > > Key: AIRFLOW-1617 > URL: https://issues.apache.org/jira/browse/AIRFLOW-1617 > Project: Apache Airflow > Issue Type: Bug > Components: webserver >Affects Versions: 1.8.2 >Reporter: Bolke de Bruin >Priority: Critical > Labels: security > Fix For: 1.10.0 > > > Variable view has an XSS vulnerability when the Variable template does not > exist. The input is returned to the user as is, without escaping. > Original report by Seth Long. CVE is pending -- This message was sent by Atlassian JIRA (v7.6.3#76005)