CVE-2021-27578 – org.apache.zeppelin:zeppelin

Package

Manager: maven
Name: org.apache.zeppelin:zeppelin
Vulnerable Version: >=0 <0.9.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05044 pctl0.89346

Details

Cross-site Scripting in Apache Zeppelin Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

Metadata

Created: 2021-09-07T22:55:56Z
Modified: 2021-09-10T16:49:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-mf7q-gw5f-q8jj/GHSA-mf7q-gw5f-q8jj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-mf7q-gw5f-q8jj
Finding: F425
Auto approve: 1