{"url":"http://public2.vulnerablecode.io/api/packages/81062?format=json","purl":"pkg:pypi/apache-airflow@2.0.0a1","type":"pypi","namespace":"","name":"apache-airflow","version":"2.0.0a1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.2","latest_non_vulnerable_version":"3.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35787?format=json","vulnerability_id":"VCID-ks8d-9vr8-4feh","summary":"The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. 
(Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28359","reference_id":"","reference_type":"","scores":[{"value":"0.02558","scoring_system":"epss","scoring_elements":"0.85786","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02558","scoring_system":"epss","scoring_elements":"0.85808","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28359"},{"reference_url":"https://github.com/advisories/GHSA-3xxv-p78r-4fc6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xxv-p78r-4fc6"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503
940c9c65fd5be208386"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml"},{"reference_url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28359","reference_id":"CVE-2021-28359","reference_type":"","sc
ores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28359"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21648?format=json","purl":"pkg:pypi/apache-airflow@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fj3-3bdw-nbch"},{"vulnerability":"VCID-1w96-f72k-ryap"},{"vulnerability":"VCID-29g4-vwe3-2kh2"},{"vulnerability":"VCID-2ajq-ewgt-b7c5"},{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4dm5-fm66-xyea"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4jpp-1y1j-pub1"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5jyk-dgtu-zfhd"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6d41-f8bx-xkh1"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-7a12-nqbv-7fe1"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-djdy-z9r3-s3a2"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ej1r-mp6n-gudd"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gxvn-spkx-9qea
"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-me8m-415b-g3fx"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pu6f-xhvm-q3du"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qfsu-w1gc-6fcj"},{"vulnerability":"VCID-qg28-p7e1-g3bj"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-rkeh-vuxg-ubgn"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-tbb9-myv7-a7h4"},{"vulnerability":"VCID-tcvd-eys5-1qhf"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-v7y9-5tsg-wyhe"},{"vulnerability":"VCID-w56f-fmkf-dkfv"},{"vulnerability":"VCID-w5aw-fb9r-uydg"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"},{"vulnerability":"VCID-z4aj-mkes-tube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2"}],"aliases":["BIT-airflow-2021-28359","CVE-2021-28359","GHSA-3xxv-p78r-4fc6","PYSEC-2021-4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ks8d-9vr8-4feh"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0a1"}