CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin

Description

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

Remediation

References

http://www.openwall.com/lists/oss-security/2021/09/02/3

https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E

https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E

https://security.gentoo.org/glsa/202311-04

Related Vulnerabilities

CVE-2023-46493 Vulnerability in npm package @evershop/evershop

CVE-2021-21479 Vulnerability in maven package com.sap.scimono:scimono-server

CVE-2022-45598 Vulnerability in npm package @joplin/renderer

CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin

CVE-2019-10363 Vulnerability in maven package io.jenkins:configuration-as-code

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N