Posted to dev@storm.apache.org by "Rick Kellogg (JIRA)" <ji...@apache.org> on 2015/09/29 04:57:04 UTC

[jira] [Updated] (STORM-408) Cross-Site Scripting security vulnerability

     [ https://issues.apache.org/jira/browse/STORM-408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Kellogg updated STORM-408:
-------------------------------
    Component/s: storm-core

> Cross-Site Scripting security vulnerability
> -------------------------------------------
>
>                 Key: STORM-408
>                 URL: https://issues.apache.org/jira/browse/STORM-408
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>    Affects Versions: 0.9.0.1
>         Environment: Java
>            Reporter: Anand Krishnan
>              Labels: security
>
> There are Cross-Site Scripting security vulnerabilities in Apache Storm.
> The risk is that it is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.
> The reason is that sanitation of hazardous characters was not performed correctly on user input.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)