Moderate severity · NVD Advisory · Published Oct 30, 2019 · Updated Aug 4, 2024
CVE-2019-12417
Description
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| airflow (PyPI) | < 1.10.6 | 1.10.6 |
Affected products
- Airflow/Airflow (description)
References
- github.com/advisories/GHSA-q3p4-gw7r-wqjc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-12417 (ghsa, ADVISORY)
- github.com/apache/airflow/commit/caf1f264b845153b9a61b00b1a57acb7c320e743 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-216.yaml (ghsa, WEB)
- lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc%40%3Cusers.airflow.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc@%3Cusers.airflow.apache.org%3E (ghsa, WEB)