{"id":"CVE-2020-17513","details":"In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.","aliases":["BIT-airflow-2020-17513","GHSA-6r3p-fcvm-xh7c","PYSEC-2020-20"],"modified":"2026-04-11T20:33:38.298634Z","published":"2020-12-14T10:15:12.687Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/airflow","events":[{"introduced":"0"},{"fixed":"6fde534efa17fc9bca03531089b3bccd0fc3c96b"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.10.13"}]}}],"versions":["constraints-1.10.1","constraints-1.10.10","constraints-1.10.11","constraints-1.10.12","constraints-1.10.2","constraints-1.10.3","constraints-1.10.4","constraints-1.10.5","constraints-1.10.6","constraints-1.10.7","constraints-1.10.8","constraints-1.10.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17513.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}