oss-sec mailing list archives

[CVE-2019-10070] Apache Atlas Stored XSS Vulnerability


From: Madhan Neethiraj <madhan () apache org>
Date: Sun, 17 Nov 2019 09:13:53 -0800

Hello,

Please find below details on the CVE fixed in Apache Atlas releases 0.8.4 and 1.2.0.

-------------------------------------------------------------------------------------------------
CVE-2019-10070:    Apache Atlas Stored XSS Vulnerability in the search functionality
Severity:          Critical
Vendor:            The Apache Software Foundation
Versions Affected: Apache Atlas versions 0.8.3, 1.1.0
Users affected:    Users of Apache Atlas UI search functionality
Description:       Apache Atlas UI was found vulnerable to stored XSS in the search functionality
Fix detail:        Apache Atlas was updated to sanitize the user input
Mitigation:        Users should upgrade to 0.8.4 or 1.2.0 or a later version of Apache Atlas
Credit:            Jakub Heba
-------------------------------------------------------------------------------------------------

Thanks,
Madhan


