{"id":"CVE-2017-17835","details":"In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.","aliases":["GHSA-68wv-rjrm-576p","PYSEC-2019-148"],"modified":"2026-04-10T03:58:57.719160Z","published":"2019-01-23T17:29:00.303Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/airflow","events":[{"introduced":"0"},{"last_affected":"0eb7862730c68d25ebbabf1988d66d50dd988bb0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.2"}]}}],"versions":["0.1","0.11","0.2","0.2.1","0.2.2","0.2.3","0.3","0.3.1","0.3.2","0.4","0.4.1","0.4.2","0.4.3","0.4.5","0.5.0","1.0.1","1.1.0","1.1.1","1.2.0","1.3.0","1.4.0","1.5.0","1.5.1","1.6.0","1.6.1","1.7.0rc1","1.7.1rc1","1.8.2","1.8.2rc1","1.8.2rc2","1.8.2rc3","1.8.2rc4","airbnb_1.7.1rc1","airbnb_1.7.1rc10","airbnb_1.7.1rc3","airbnb_prod.1.6.1.0","airbnb_prod.1.6.1.1","airbnb_prod.1.6.1.2","airbnb_prod.1.6.1.3","airbnb_prod.1.6.1.4","airbnb_prod.1.6.1.5","airbnb_prod.1.6.2.4","airbnb_prod.1.6.2.5","airbnb_prod.1.6.2.7","airbnb_prod.1.6.2.8","airbnb_prod.1.6.2.9","v1.8.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17835.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}