  1. Hadoop HDFS
  2. HDFS-10774

Reflective XSS and HTML injection vulnerability

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0-alpha
    • Fix Version/s: None
    • Component/s: security
    • Labels:
    • Tags:
      bug vulnerability
    • Flags:
      Important

      Description

      I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I came across an XSS and HTML injection vulnerability. Although my customer's instance is 2.0.0, newer versions are also likely vulnerable. I’d like to provide more details about my finding but first want to ensure I’m communicating with the correct group. Please let me know if you would like to know more and how I can securely share my findings.

            People

            • Assignee:
              Unassigned
            • Reporter:
              warmon Will Harmon
            • Votes:
              0
            • Watchers:
              2
