Description
A cross-site scripting vulnerability in the markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/09/02/3
https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2022-45386 Vulnerability in maven package org.jenkins-ci.plugins:violations
CVE-2019-10309 Vulnerability in maven package org.jenkins-ci.plugins:swarm
CVE-2022-31198 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-taskmanager-core
CVE-2020-6836 Vulnerability in maven package org.webjars.npm:hot-formula-parser