Headline
CVE-2022-40754: Fix UI redirect by jedcunningham · Pull Request #26409 · apache/airflow
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver’s /confirm endpoint.
Conversation
Co-authored-by: Konstantin Weddige [email protected]
jedcunningham added a commit that referenced this issue
Sep 15, 2022
Co-authored-by: Konstantin Weddige [email protected] (cherry picked from commit 56e7555)
jedcunningham added a commit to astronomer/airflow that referenced this issue
Sep 19, 2022
Co-authored-by: Konstantin Weddige [email protected] (cherry picked from commit 56e7555)
Related news
GHSA-4fg5-j4mm-wfpg: Apache Airflow vulnerable to open redirect
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.