{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7663?format=json","vulnerability_id":"VCID-xbt7-ks9g-c7gd","summary":"In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.","aliases":[{"alias":"CVE-2017-17835"},{"alias":"GHSA-68wv-rjrm-576p"},{"alias":"PYSEC-2019-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10576?format=json","purl":"pkg:pypi/apache-airflow@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-2xpf-ut63-tbcx"},{"vulnerability":"VCID-37nw-x186-puds"},{"vulnerability":"VCID-4693-xwwu-7uem"},{"vulnerability":"VCID-4btd-59ga-1yd4"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-5j9w-1tng-k3ac"},{"vulnerability":"VCID-5ph5-s3qc-guf4"},{"vulnerability":"VCID-5qe8-jdbh-x7b4"},{"vulnerability":"VCID-5ufe-1rrj-rkgp"},{"vulnerability":"VCID-6hxm-nnhg-buex"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-91ta-vnkv-5ydh"},{"vulnerability":"VCID-9f34-2r5y-sydz"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-bgp2-bzbr-1uh5"},{"vulnerability":"VCID-bn9u-brjp-yudy"},{"vulnerability":"VCID-bxw8-918z-1be5"},{"vulnerability":"VCID-c1bw-f7ck-2ybw"},{"vulnerability":"VCID-ctd9-hxfn-8fcs"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-dp6s-jdma-a7cc"},{"vulnerability":"VCID-e19b-adrm-x7fu"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-fnsx-gtgn-27dr"},{"vulnerability":"VCID-gbgf-jfzt-tqg1"},{"vulnerability":"VCID-gg94-fdbv-y7g1"},{"vulnerability":"VCID-gt7b-5554-y7dq"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-kgfb-yphg-n3ec"},{"vulnerability":"VCID-krjr-ctw4-r3d3"},{"vulnerability":"VCID-ms13-tzaa-hkej"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-p42d-ta7v-7yhn"},{"vulnerability":"VCID-pb3b-22wk-pbh5"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-pqgj-ry81-6ua3"},{"vulnerability":"VCID-qxnw-7urw-fud2"},{"vulnerability":"VCID-r6fk-1tfv-wkgq"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-ssbp-gvfd-2kef"},{"vulnerability":"VCID-syqv-6kj7-j3e5"},{"vulnerability":"VCID-tcjg-f9cn-mubj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-x8g4-88t4-cqdz"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-ygjc-77t9-yfge"},{"vulnerability":"VCID-ykge-bnhg-g7c4"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-yz8w-uv1z-5ybw"},{"vulnerability":"VCID-zqdb-94dc-vqfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10573?format=json","purl":"pkg:pypi/apache-airflow@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-2xpf-ut63-tbcx"},{"vulnerability":"VCID-37nw-x186-puds"},{"vulnerability":"VCID-4693-xwwu-7uem"},{"vulnerability":"VCID-4btd-59ga-1yd4"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-5j9w-1tng-k3ac"},{"vulnerability":"VCID-5ph5-s3qc-guf4"},{"vulnerability":"VCID-5qe8-jdbh-x7b4"},{"vulnerability":"VCID-5ufe-1rrj-rkgp"},{"vulnerability":"VCID-6hxm-nnhg-buex"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-91ta-vnkv-5ydh"},{"vulnerability":"VCID-9f34-2r5y-sydz"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-bgp2-bzbr-1uh5"},{"vulnerability":"VCID-bn9u-brjp-yudy"},{"vulnerability":"VCID-bxw8-918z-1be5"},{"vulnerability":"VCID-c1bw-f7ck-2ybw"},{"vulnerability":"VCID-ctd9-hxfn-8fcs"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-dp6s-jdma-a7cc"},{"vulnerability":"VCID-e19b-adrm-x7fu"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-fnsx-gtgn-27dr"},{"vulnerability":"VCID-gbgf-jfzt-tqg1"},{"vulnerability":"VCID-gg94-fdbv-y7g1"},{"vulnerability":"VCID-gt7b-5554-y7dq"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-kgfb-yphg-n3ec"},{"vulnerability":"VCID-krjr-ctw4-r3d3"},{"vulnerability":"VCID-ms13-tzaa-hkej"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-p42d-ta7v-7yhn"},{"vulnerability":"VCID-p9rb-ehta-2bhc"},{"vulnerability":"VCID-pb3b-22wk-pbh5"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-pqgj-ry81-6ua3"},{"vulnerability":"VCID-qxnw-7urw-fud2"},{"vulnerability":"VCID-r6fk-1tfv-wkgq"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-ssbp-gvfd-2kef"},{"vulnerability":"VCID-syqv-6kj7-j3e5"},{"vulnerability":"VCID-sz6v-udpx-wbav"},{"vulnerability":"VCID-tcjg-f9cn-mubj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-wm1m-yj2y-yfa3"},{"vulnerability":"VCID-x8g4-88t4-cqdz"},{"vulnerability":"VCID-xbt7-ks9g-c7gd"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-ygjc-77t9-yfge"},{"vulnerability":"VCID-ykge-bnhg-g7c4"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-yz8w-uv1z-5ybw"},{"vulnerability":"VCID-zqdb-94dc-vqfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10574?format=json","purl":"pkg:pypi/apache-airflow@1.8.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-2xpf-ut63-tbcx"},{"vulnerability":"VCID-37nw-x186-puds"},{"vulnerability":"VCID-4693-xwwu-7uem"},{"vulnerability":"VCID-4btd-59ga-1yd4"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-5j9w-1tng-k3ac"},{"vulnerability":"VCID-5ph5-s3qc-guf4"},{"vulnerability":"VCID-5qe8-jdbh-x7b4"},{"vulnerability":"VCID-5ufe-1rrj-rkgp"},{"vulnerability":"VCID-6hxm-nnhg-buex"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-91ta-vnkv-5ydh"},{"vulnerability":"VCID-9f34-2r5y-sydz"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-bgp2-bzbr-1uh5"},{"vulnerability":"VCID-bn9u-brjp-yudy"},{"vulnerability":"VCID-bxw8-918z-1be5"},{"vulnerability":"VCID-c1bw-f7ck-2ybw"},{"vulnerability":"VCID-ctd9-hxfn-8fcs"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-dp6s-jdma-a7cc"},{"vulnerability":"VCID-e19b-adrm-x7fu"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-fnsx-gtgn-27dr"},{"vulnerability":"VCID-gbgf-jfzt-tqg1"},{"vulnerability":"VCID-gg94-fdbv-y7g1"},{"vulnerability":"VCID-gt7b-5554-y7dq"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-kgfb-yphg-n3ec"},{"vulnerability":"VCID-krjr-ctw4-r3d3"},{"vulnerability":"VCID-ms13-tzaa-hkej"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-p42d-ta7v-7yhn"},{"vulnerability":"VCID-p9rb-ehta-2bhc"},{"vulnerability":"VCID-pb3b-22wk-pbh5"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-pqgj-ry81-6ua3"},{"vulnerability":"VCID-qxnw-7urw-fud2"},{"vulnerability":"VCID-r6fk-1tfv-wkgq"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-ssbp-gvfd-2kef"},{"vulnerability":"VCID-syqv-6kj7-j3e5"},{"vulnerability":"VCID-sz6v-udpx-wbav"},{"vulnerability":"VCID-tcjg-f9cn-mubj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-wm1m-yj2y-yfa3"},{"vulnerability":"VCID-x8g4-88t4-cqdz"},{"vulnerability":"VCID-xbt7-ks9g-c7gd"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-ygjc-77t9-yfge"},{"vulnerability":"VCID-ykge-bnhg-g7c4"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-yz8w-uv1z-5ybw"},{"vulnerability":"VCID-zqdb-94dc-vqfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/10575?format=json","purl":"pkg:pypi/apache-airflow@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-2xpf-ut63-tbcx"},{"vulnerability":"VCID-37nw-x186-puds"},{"vulnerability":"VCID-4693-xwwu-7uem"},{"vulnerability":"VCID-4btd-59ga-1yd4"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-5j9w-1tng-k3ac"},{"vulnerability":"VCID-5ph5-s3qc-guf4"},{"vulnerability":"VCID-5qe8-jdbh-x7b4"},{"vulnerability":"VCID-5ufe-1rrj-rkgp"},{"vulnerability":"VCID-6hxm-nnhg-buex"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-91ta-vnkv-5ydh"},{"vulnerability":"VCID-9f34-2r5y-sydz"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-bgp2-bzbr-1uh5"},{"vulnerability":"VCID-bn9u-brjp-yudy"},{"vulnerability":"VCID-bxw8-918z-1be5"},{"vulnerability":"VCID-c1bw-f7ck-2ybw"},{"vulnerability":"VCID-ctd9-hxfn-8fcs"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-dp6s-jdma-a7cc"},{"vulnerability":"VCID-e19b-adrm-x7fu"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-fnsx-gtgn-27dr"},{"vulnerability":"VCID-gbgf-jfzt-tqg1"},{"vulnerability":"VCID-gg94-fdbv-y7g1"},{"vulnerability":"VCID-gt7b-5554-y7dq"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-kgfb-yphg-n3ec"},{"vulnerability":"VCID-krjr-ctw4-r3d3"},{"vulnerability":"VCID-ms13-tzaa-hkej"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-p42d-ta7v-7yhn"},{"vulnerability":"VCID-p9rb-ehta-2bhc"},{"vulnerability":"VCID-pb3b-22wk-pbh5"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-pqgj-ry81-6ua3"},{"vulnerability":"VCID-qxnw-7urw-fud2"},{"vulnerability":"VCID-r6fk-1tfv-wkgq"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-ssbp-gvfd-2kef"},{"vulnerability":"VCID-syqv-6kj7-j3e5"},{"vulnerability":"VCID-sz6v-udpx-wbav"},{"vulnerability":"VCID-tcjg-f9cn-mubj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-wm1m-yj2y-yfa3"},{"vulnerability":"VCID-x8g4-88t4-cqdz"},{"vulnerability":"VCID-xbt7-ks9g-c7gd"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-ygjc-77t9-yfge"},{"vulnerability":"VCID-ykge-bnhg-g7c4"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-yz8w-uv1z-5ybw"},{"vulnerability":"VCID-zqdb-94dc-vqfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17835","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61811","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17835"},{"reference_url":"https://github.com/advisories/GHSA-68wv-rjrm-576p","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68wv-rjrm-576p"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/673026c740411cc6447aede8c6a816460fe03a59","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/673026c740411cc6447aede8c6a816460fe03a59"},{"reference_url":"https://github.com/apache/airflow/commit/6aca2c2d395952341ab1b201c59011920b5a5c77","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/6aca2c2d395952341ab1b201c59011920b5a5c77"},{"reference_url":"https://github.com/apache/airflow/commit/c9dc9263986c1a55520ba44b6e5b0fcbd6c48712","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/c9dc9263986c1a55520ba44b6e5b0fcbd6c48712"},{"reference_url":"https://github.com/apache/airflow/commit/dca5e7d116b5c8b103df13f89f061757c13c41ae","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/dca5e7d116b5c8b103df13f89f061757c13c41ae"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-148.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-148.yaml"},{"reference_url":"https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17835","reference_id":"CVE-2017-17835","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17835"}],"weaknesses":[{"cwe_id":352,"name":"Cross-Site Request Forgery (CSRF)","description":"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbt7-ks9g-c7gd"}