Hi Jeff, others,

Can you please provide additional information regarding this vulnerability. 
Please include the following information:

 * Technical description of vulnerability, how users determine whether they are 
impacted. Maybe this is satisfied by one of the following items:
 * Relevant issue in Zeppelin Jira issue tracker.
 * Link to pull request or commit containing the fix.
 * List of released versions containing the fix.

I would also highly suggest providing these additional details in one of the 
vulnerability databases (e.g. https://nvd.nist.gov/vuln/detail/CVE-2021-27578) 
so that users have a better understanding of the impact and solutions.
[https://nvd.nist.gov/site-media/images/NVD_NVD_Stack_Plain.svg]<https://nvd.nist.gov/vuln/detail/CVE-2021-27578>
NVD - CVE-2021-27578<https://nvd.nist.gov/vuln/detail/CVE-2021-27578>
This vulnerability is currently undergoing analysis and not all information is 
available. Please check back soon to view the completed vulnerability summary. 
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin 
allows an attacker to inject malicious scripts. This issue ...
nvd.nist.gov
Many thanks,

Michiel

On 2021/09/02 16:07:42, Jeff Zhang <z...@apache.org> wrote:
> Description:>
>
> Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin 
> allows an attacker to inject malicious scripts. This issue affects Apache 
> Zeppelin Apache Zeppelin versions prior to 0.9.0.>
>
> Credit:>
>
> Apache Zeppelin would like to thank Paulo Pacheco for reporting this issue >
>
>

Reply via email to