[ https://issues.apache.org/jira/browse/AIRFLOW-1617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bolke de Bruin reopened AIRFLOW-1617: ------------------------------------- > XSS Vulnerability in Variable endpoint > -------------------------------------- > > Key: AIRFLOW-1617 > URL: https://issues.apache.org/jira/browse/AIRFLOW-1617 > Project: Apache Airflow > Issue Type: Bug > Components: webserver > Affects Versions: 1.8.2 > Reporter: Bolke de Bruin > Priority: Critical > Labels: security > Fix For: 1.9.0 > > > Variable view has an XSS vulnerability when the Variable template does not > exist. The input is returned to the user as is, without escaping. > Original report by Seth Long. CVE is pending -- This message was sent by Atlassian JIRA (v7.6.3#76005)