unsubscribe
On Fri, Mar 21, 2025 at 9:30 AM Arnout Engelen <enge...@apache.org> wrote:
> Severity: moderate
>
> Affected versions:
>
> - Apache Oozie: all versions
>
> Description:
>
> ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During
> Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie.
>
> This issue affects Apache Oozie: all versions.
>
> As this project is retired, we do not plan to release a version that fixes
> this issue. Users are recommended to find an alternative or restrict access
> to the instance to trusted users.
>
> NOTE: This vulnerability only affects products that are no longer
> supported by the maintainer.
>
> Credit:
>
> Nikhil Daf (finder)
>
> References:
>
> https://oozie.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2025-26796
>
>
