{ "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-08-06T00:00:00", "ID": "CVE-2017-12614", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Airflow", "version": { "version_data": [ { "version_value": "< 1.9.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XSS Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f@%3Cdev.airflow.apache.org%3E" } ] } }