{"schema_version": "1.6.1", "id": "CVE-2021-45229", "summary": "Apache Airflow: Reflected XSS via Origin Query Argument in URL", "details": "It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.\n\nThis issue affects Apache Airflow versions 2.2.3 and below. ", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "2.2.4"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk"}]}