oss-sec mailing list archives

CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter

From: Jeff Zhang <zjffdu () apache org>
Date: Thu, 02 Sep 2021 16:07:42 +0000

Description:

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious 
scripts.  This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

Credit:

Apache Zeppelin would like to thank Paulo Pacheco for reporting this issue

Current thread:

CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter Jeff Zhang (Sep 02)