Description
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.
Remediation
References
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/09/02/3
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2022-42003 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-22984 Vulnerability in npm package snyk-python-plugin