JavaScript Injection Vulnerability in Apache UIMA DUCC Web Application
CVE-2018-8035

6.1MEDIUM

Key Information:

Vendor

Apache
Status
Apache Uima Ducc
Vendor
CVE Published:
1 May 2019

What is CVE-2018-8035?

This vulnerability affects the Apache UIMA DUCC web application by allowing potential JavaScript injection through insufficient filtering of user-supplied input data. Running in the user's browser, the JavaScript component may unintentionally execute maliciously crafted code provided by the user, which could lead to various forms of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache UIMA DUCC Apache UIMA DUCC releases including and prior to 2.2.2

References

https://uima.apache.org/security_report
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108195
vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/2f49681259b375d53431...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.