CVE-2018-1328: Cross-site Scripting

April 23, 2019 (updated April 24, 2019)

Apache Zeppelin suffers from a stored Cross-site Scripting (XSS) issue via Note permissions.

References

www.securityfocus.com/bid/108047
lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06@%3Cusers.zeppelin.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-1328
zeppelin.apache.org/releases/zeppelin-release-0.8.0.html

Code Behaviors & Features

Detect and mitigate CVE-2018-1328 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →