0.001 Low
EPSS
Percentile
40.2%
apache_airflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the get_safe_url function of views.py which allows an attacker to inject and execute arbitrary scripts.
get_safe_url
views.py
github.com/advisories/GHSA-h63r-9xxf-f2c7
github.com/apache/airflow/commit/68cb2daa410a72bcfb548587747afc9c5b946d11
github.com/apache/airflow/pull/27143
lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l