Will Harmon created HDFS-10774:
----------------------------------
Summary: Reflective XSS and HTML injection vulnerability
Key: HDFS-10774
URL: https://issues.apache.org/jira/browse/HDFS-10774
Project: Hadoop HDFS
Issue Type: Bug
Components: security
Affects Versions: 2.0.0-alpha
Reporter: Will Harmon
I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I
came across an XSS and HTML injection vulnerability. Although my customer
instance is 2.0.0, newer versions are also likely vulnerable. I’d like to
provide more details about my finding but first want to ensure I’m
communicating with the correct group. Please let me know if you would like to
know more and how I can securely share my findings.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
