You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by "Will Harmon (JIRA)" <ji...@apache.org> on 2016/08/17 21:57:20 UTC

[jira] [Created] (HDFS-10774) Reflective XSS and HTML injection vulnerability

Will Harmon created HDFS-10774:
----------------------------------

             Summary: Reflective XSS and HTML injection vulnerability
                 Key: HDFS-10774
                 URL: https://issues.apache.org/jira/browse/HDFS-10774
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: security
    Affects Versions: 2.0.0-alpha
            Reporter: Will Harmon


I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I came across an XSS and HTML injection vulnerability. Although my customer instance is 2.0.0, newer versions are also likely vulnerable. I’d like to provide more details about my finding but first want to ensure I’m communicating with the correct group. Please let me know if you would like to know more and how I can securely share my findings.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org