Description
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/09/02/3
https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2022-45935 Vulnerability in maven package org.apache.james:apache-mailet-standard
CVE-2019-15953 Vulnerability in npm package total.js
CVE-2019-10306 Vulnerability in maven package org.jenkins-ci.plugins:ontrack
CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models