Skip to main content
CVE-2021-28359 MEDIUM PATCH This Month

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Python Airflow
NVD
CVSS 3.1
6.1
EPSS
14.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy