oss-sec mailing list archives
[CVE-2019-10070] Apache Atlas Stored XSS Vulnerability
From: Madhan Neethiraj <madhan () apache org>
Date: Sun, 17 Nov 2019 09:13:53 -0800
Hello, Please find below details on CVE fixed in Apache Atlas releases 0.8.4 and 1.2.0. ------------------------------------------------------------------------------------------------- CVE-2019-10070: Apache Atlas Stored XSS Vulnerability in the search functionality Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Atlas versions 0.8.3, 1.1.0 Users affected: Users of Apache Atlas UI search functionality Description: Apache Atlas UI was found vulnerable to stored XSS in the search functionality Fix detail: Apache Atlas was updated to sanitize the user input Mitigation: Users should upgrade to 0.8.4 or 1.2.0 or later version of Apache Atlas Credit: Jakub Heba ------------------------------------------------------------------------------------------------- Thanks, Madhan
Current thread:
- [CVE-2019-10070] Apache Atlas Stored XSS Vulnerability Madhan Neethiraj (Nov 17)