CVE-2021-27578

A cross-site scripting vulnerability in the markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.
Configurations

Configuration 1

cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*

History

24 Nov 2023, 14:15

Type Values Removed Values Added
References
  • (MLIST) [zeppelin-users] 20210902 CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter - https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
  • (MLIST) [announce] 20210902 CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter - https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory
  • (MLIST) [zeppelin-users] 20210928 Re: CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter - https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
  • () https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cannounce.apache.org%3E -
  • () https://security.gentoo.org/glsa/202311-04 -
  • () https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50%40%3Cusers.zeppelin.apache.org%3E -

18 Nov 2021, 15:25

Type Values Removed Values Added
References (MLIST) https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory

28 Sep 2021, 10:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E -

09 Sep 2021, 19:35

Type Values Removed Values Added
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : 4.3, v3 : 6.1
References (MLIST) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
References (MISC) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E - (MISC) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/02/3 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/02/3 - Mailing List, Third Party Advisory, Vendor Advisory
References (MLIST) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory
CPE cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*
CWE CWE-79

02 Sep 2021, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E -

02 Sep 2021, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/02/3 -

02 Sep 2021, 18:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E -

02 Sep 2021, 17:21

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-02 17:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-27578

Mitre link : CVE-2021-27578

CVE.ORG link : CVE-2021-27578


Products Affected

apache

  • zeppelin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')