Message-ID: <1E3D402E-6B24-473A-B858-296847B072A4@apache.org>
Date: Sun, 17 Nov 2019 09:13:53 -0800
From: Madhan Neethiraj <madhan@...che.org>
To: <oss-security@...ts.openwall.com>
CC: "private@...as.apache.org" <private@...as.apache.org>
Subject: [CVE-2019-10070] Apache Atlas Stored XSS Vulnerability

Hello,

Please find below details on the CVE fixed in Apache Atlas releases 0.8.4 and 1.2.0.

-------------------------------------------------------------------------------------------------
CVE-2019-10070:    Apache Atlas Stored XSS Vulnerability in the search functionality
Severity:          Critical
Vendor:            The Apache Software Foundation
Versions Affected: Apache Atlas versions 0.8.3, 1.1.0
Users affected:    Users of Apache Atlas UI search functionality
Description:       Apache Atlas UI was found vulnerable to stored XSS in the search functionality
Fix detail:        Apache Atlas was updated to sanitize the user input
Mitigation:        Users should upgrade to 0.8.4 or 1.2.0 or a later version of Apache Atlas
Credit:            Jakub Heba
-------------------------------------------------------------------------------------------------

Thanks,
Madhan

