Description
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/09/02/3
https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2022-25352 Vulnerability in npm package libnested
CVE-2020-15999 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-29438 Vulnerability in npm package dialogs
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2023-47326 Vulnerability in maven package org.silverpeas.core:silverpeas-core