CVE-2020-13928

MEDIUM6.1EPSS 1.9%

Cross-site scripting in Apache Atlas

發布日:2022/2/10修改日:2023/11/8

描述

Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.

受影響套件(1)

Maven/org.apache.atlas:apache-atlasfrom 0, < 2.1.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-13928
WEBhttps://lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E
WEBhttps://mvnrepository.com/artifact/org.apache.atlas/apache-atlas