{"schema_version": "1.6.1", "id": "CVE-2020-17513", "summary": "CWE-918 Server-Side Request Forgery (SSRF) in Apache Airflow", "details": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Airflow"}, {"fixed": "1.10.13"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E"}]}