Arbitrary JavaScript Execution Vulnerability in Apache Airflow

Arbitrary JavaScript Execution Vulnerability in Apache Airflow

CVE-2018-20244 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

Learn more about our Cis Benchmark Audit For Apache Http Server.