Details
Description
I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I came across an XSS and HTML injection vulnerability. Although my customer instance is 2.0.0, newer versions are also likely vulnerable. I’d like to provide more details about my finding but first want to ensure I’m communicating with the correct group. Please let me know if you would like to know more and how I can securely share my findings.