You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Jeff Zhang <zj...@apache.org> on 2021/09/02 16:07:42 UTC

CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter

Description:

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts.  This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

Credit:

Apache Zeppelin would like to thank Paulo Pacheco for reporting this issue