OOZIE-2492: JSON security issue in js code


    Details

      Description

      JSON parsing is done using the eval JS method in several places in oozie-console.js, which allows code injection.
      The project already contains a JSON parser library, which should be used all around the code.
      We are aware that most of the JSON documents parsed are from the Oozie server, and not from the user directly. However, fixing it all will make the code more robust and consistent.
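The difference between the two parsing approaches named in the description, as an added example that is not taken from oozie-console.js or the attached patch. The function names, the `__evalRan` marker and both sample response bodies are constructed for illustration, and the built-in `JSON.parse` stands in for the project's bundled parser library.

```javascript
"use strict";

// Pattern the issue describes: the response body is handed to eval as source code.
// Indirect eval runs the text as global code, so any expression in it executes.
function parseWithEval(text) {
  return (0, eval)("(" + text + ")");
}

// Replacement: a real JSON parser accepts only the JSON grammar and never runs code.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample bodies (not real Oozie server output).
const benign = '{"id": "job-1", "status": "RUNNING"}';
// Not valid JSON: the "status" value is an expression with a harmless side effect.
const tampered =
  '{"id": "job-2", "status": (globalThis.__evalRan = true, "RUNNING")}';

// Runs the tampered body through both parsers and records whether code executed.
function demo() {
  delete globalThis.__evalRan;
  const viaEval = parseWithEval(tampered);
  const evalSideEffect = globalThis.__evalRan === true;

  delete globalThis.__evalRan;
  const viaParser = parseStrict(tampered);
  const parserSideEffect = globalThis.__evalRan === true;

  delete globalThis.__evalRan;
  return {
    evalStatus: viaEval.status,     // eval returns a normal-looking object
    evalSideEffect,                 // but the embedded expression ran
    parserAccepted: viaParser.ok,   // the parser rejects the body
    parserError: viaParser.error,
    parserSideEffect,               // and nothing was executed
  };
}

console.log(demo());
```

Both functions return the same object for the well-formed body, so swapping the parser does not change behaviour for legitimate server responses.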

        Attachments

        1. OOZIE-2492-1.patch
          6 kB
          Ferenc Denes


            People

            • Assignee:
              fdenes Ferenc Denes
              Reporter:
              fdenes Ferenc Denes