[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [CVE-2019-10070] Apache Atlas Stored XSS Vulnerability
From: Madhan Neethiraj <madhan () apache ! org>
Date: 2019-11-17 17:13:53
Message-ID: 1E3D402E-6B24-473A-B858-296847B072A4 () apache ! org
[Download RAW message or body]
Hello,
Please find below details on CVE fixed in Apache Atlas releases 0.8.4 and 1.2.0.
-------------------------------------------------------------------------------------------------
CVE-2019-10070: Apache Atlas Stored XSS Vulnerability in the search functionality
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Atlas versions 0.8.3, 1.1.0
Users affected: Users of Apache Atlas UI search functionality
Description: Apache Atlas UI was found vulnerable to stored XSS in the search functionality
Fix detail: Apache Atlas was updated to sanitize the user input
Mitigation: Users should upgrade to 0.8.4 or 1.2.0 or later version of Apache Atlas
Credit: Jakub Heba
-------------------------------------------------------------------------------------------------
Thanks,
Madhan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic