Apache : Security Vulnerabilities, CVEs, Published In 2019 (CSRF)
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-04-10
Updated
2019-04-11
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-01-23
Updated
2019-01-25
2 vulnerabilities found