Description
A cross-site scripting vulnerability in the markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.
Remediation
References
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/09/02/3
https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2023-29516 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2019-10336 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2022-23615 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2021-43788 Vulnerability in npm package nodebb
CVE-2022-34795 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard