Posted to announce@apache.org by Madhan Neethiraj <ma...@apache.org> on 2019/11/17 17:05:50 UTC

[CVE-2019-10070] Apache Atlas Stored XSS Vulnerability

Hello,

 

Please find below details on the CVE fixed in Apache Atlas releases 0.8.4 and 1.2.0.

 

-------------------------------------------------------------------------------------------------

CVE-2019-10070:    Apache Atlas Stored XSS Vulnerability in the search functionality

Severity:          Critical

Vendor:            The Apache Software Foundation

Versions Affected: Apache Atlas versions 0.8.3, 1.1.0

Users affected:    Users of Apache Atlas UI search functionality

Description:       Apache Atlas UI was found vulnerable to stored XSS in the search functionality

Fix detail:        Apache Atlas was updated to sanitize the user input

Mitigation:        Users should upgrade to 0.8.4 or 1.2.0 or a later version of Apache Atlas

Credit:            Jakub Heba

-------------------------------------------------------------------------------------------------

 

Thanks,

Madhan