Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2eHEtM2g2Mi05OXF4
Cross-site scripting in Apache Atlas
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
Permalink: https://github.com/advisories/GHSA-h6xq-3h62-99qxJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2eHEtM2g2Mi05OXF4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-h6xq-3h62-99qx, CVE-2020-13928
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-13928
- https://lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E
- https://mvnrepository.com/artifact/org.apache.atlas/apache-atlas
- https://github.com/advisories/GHSA-h6xq-3h62-99qx
Affected Packages
maven:org.apache.atlas:apache-atlas
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: < 2.1.0
Fixed in: 2.1.0
All affected versions: 0.8.1, 0.8.2, 0.8.3, 0.8.4, 1.0.0, 1.1.0, 1.2.0, 2.0.0
All unaffected versions: 2.1.0, 2.2.0, 2.3.0