VDB
CVE-2021-27578
CVE-2021-27578
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.
EPSS 0.70% · 72.4th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.70%
72.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.zeppelin:zeppelin | 0 |
| apache | zeppelin | 0 |
| Apache Software Foundation | Apache Zeppelin | Apache Zeppelin |
Timeline
- Sep 2, 2021 CVE Published
- Sep 3, 2021 EPSS Score
- Sep 29, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Oct 31, 2021 EPSS Score
- Dec 28, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 24, 2022 EPSS Score
- Apr 23, 2022 EPSS Score
- Jun 19, 2022 EPSS Score
- Oct 14, 2022 EPSS Score
- Dec 11, 2022 EPSS Score
References
- https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d%40%3Cusers.zeppelin.apache.org%3E url
- [oss-security] 20210902 CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter mailing-list
- [announce] 20210902 CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter mailing-list
- [zeppelin-users] 20210928 Re: CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter mailing-list
- GLSA-202311-04 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-27578 advisory
- https://github.com/apache/zeppelin package
- https://lists.apache.org/thread.html/r31012f2c8e39a5e12e14c1de030012cb8b51c037d953d73b291b7b50@%3Cusers.zeppelin.apache.org%3E url
- https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cannounce.apache.org%3E url
- https://lists.apache.org/thread.html/r90590aa5ea788128ecc2e822e1e64d5200b4cb92b06707b38da4cb3d@%3Cusers.zeppelin.apache.org%3E url