org.apache.zeppelin is vulnerable to cross-site scripting. An attacker is able to exploit the vulnerability by injecting malicious scripts via the addValueToLine
function.
CPE | Name | Operator | Version |
---|---|---|---|
zeppelin: neo4j interpreter | le | 0.9.0-preview2 | |
zeppelin: neo4j interpreter | le | 0.9.0-preview2 |
www.openwall.com/lists/oss-security/2021/09/02/3
lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E