Cross Site Scripting in markdown interpreter
CVE-2021-27578

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Zeppelin
Vendor: CVE Published:; 2 September 2021

Summary

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

Affected Version(s)

Apache Zeppelin Apache Zeppelin < 0.9.0

References

https://lists.apache.org/thread.html/r90590aa5ea788128ecc...

mailing-list

http://www.openwall.com/lists/oss-security/2021/09/02/3

mailing-list

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 2, 2021
Vulnerability Reserved
Feb 23, 2021

Credit

Apache Zeppelin would like to thank Paulo Pacheco for reporting this issue