  1. Apache Airflow
  2. AIRFLOW-4179

Update version of Bootstrap, jQuery in use


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security, ui
    • Labels:
      None

      Description

      "The Airflow application utilises the following three outdated libraries that contain publicly disclosed security vulnerabilities:
      -bootstrap 3.3.5
      -moment.js 2.9.0
      -jQuery 2.1.4"

      Business Impact/Attack Scenario
      The out of date libraries are vulnerable to attacks such as cross-site scripting (XSS), which can be used to steal credentials, perform unauthorised actions, redirect the user to a malicious site or track the user's actions, or denial of service attacks.

      Recommendation
      "Update libraries to the latest versions at the time of writing as listed below. If old libraries are required for compatibility reasons, update to the latest version of the legacy branch and review whether the application is using the vulnerable component to determine whether additional sanitisation of input may be required.

      Latest versions:
      -bootstrap 4.3.1
      -moment.js 2.19.3
      -jQuery 3.3.1"
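
An added example, not part of the original report or Airflow's own code: a Python check that reads the banner comments of vendored front-end files and flags copies older than the versions the report recommends. The banner patterns, file paths and sample contents are assumptions constructed for illustration; `major_jump` marks upgrades that cross a major version, where the report's legacy-branch option applies.

```python
import re
from pathlib import Path

# Versions the report lists as latest at the time of writing.
RECOMMENDED = {"bootstrap": "4.3.1", "moment.js": "2.19.3", "jquery": "3.3.1"}

# Assumed header-comment formats of the upstream distribution files.
BANNERS = {
    "jquery": re.compile(r"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+)+)"),
    "bootstrap": re.compile(r"Bootstrap v(\d+(?:\.\d+)+)"),
    "moment.js": re.compile(r"//!\s*version\s*:\s*(\d+(?:\.\d+)+)"),
}

def parse(version):
    """'2.19.3' -> (2, 19, 3) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def audit(files):
    """files maps path -> leading text of the file; returns outdated copies."""
    findings = []
    for path, head in files.items():
        for lib, pattern in BANNERS.items():
            match = pattern.search(head)
            if match and parse(match.group(1)) < parse(RECOMMENDED[lib]):
                found, target = match.group(1), RECOMMENDED[lib]
                findings.append({
                    "path": path, "library": lib, "found": found,
                    "recommended": target,
                    # True: upgrade crosses a major version (legacy-branch case).
                    "major_jump": parse(found)[0] < parse(target)[0],
                })
    return findings

def read_heads(root, limit=2048):
    """Collect the first `limit` characters of each .js/.css file under root."""
    return {str(p): p.read_text(errors="replace")[:limit]
            for p in Path(root).rglob("*")
            if p.is_file() and p.suffix in (".js", ".css")}

# Constructed sample inputs (hypothetical paths), using the report's versions.
SAMPLE = {
    "static/jquery.min.js": "/*! jQuery v2.1.4 | (c) jQuery Foundation | jquery.org/license */",
    "static/bootstrap.min.css": "/*!\n * Bootstrap v3.3.5 (http://getbootstrap.com)\n */",
    "static/moment.js": "//! moment.js\n//! version : 2.9.0\n",
    "static/app.js": "// application code without a library banner\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real tree, pass `read_heads("<static directory>")` to `audit`; a file whose banner was stripped by a bundler will not be detected this way.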

            People

            • Assignee:
              Unassigned
              Reporter:
              toopt4 t oo
            • Votes:
              1
              Watchers:
              2
