{"schema_version": "1.6.1", "id": "CVE-2022-43982", "summary": "Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL", "details": "In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "2.4.2"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/airflow/pull/27143"}, {"type": "ADVISORY", "url": "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l"}]}