CVE-2023-47265

Summary

CVE-2023-47265 is a stored Cross-Site Scripting (XSS) vulnerability affecting Apache Airflow versions 2.6.0 through 2.7.3. This issue enables a DAG author to inject unbounded and unsanitized JavaScript code into the description field of a DAG. This code can be executed on the client-side of any user viewing the tasks in their browser. Although the vulnerability does not enable the attacker to leave the browser sandbox or manipulate server-side data, it allows for potential misleading of other users. To mitigate this risk, Apache Airflow users are advised to upgrade to version 2.8.0 or later.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.