0.001 Low
EPSS
Percentile
30.8%
Airflow is vulnerable to cross-site request forgery (CSRF). The paused and query methods are state-changing, allowing CSRF.
github.com/apache/incubator-airflow/commit/673026c740411cc6447aede8c6a816460fe03a59
github.com/apache/incubator-airflow/pull/2054
issues.apache.org/jira/browse/AIRFLOW-836