CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin

Description

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

Remediation

References

http://www.openwall.com/lists/oss-security/2021/09/02/3

https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E

https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E

https://security.gentoo.org/glsa/202311-04

Related Vulnerabilities

CVE-2022-45935 Vulnerability in maven package org.apache.james:apache-mailet-standard

CVE-2019-15953 Vulnerability in npm package total.js

CVE-2019-10306 Vulnerability in maven package org.jenkins-ci.plugins:ontrack

CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2

CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N