CVE-2018-1000129: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 14, 2022 (updated June 30, 2022)

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim’s browser.

References

access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:3817
github.com/advisories/GHSA-hfpg-gqjw-779m
github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f
github.com/rhuss/jolokia/releases/tag/v1.5.0
jolokia.org/
nvd.nist.gov/vuln/detail/CVE-2018-1000129

Code Behaviors & Features

Detect and mitigate CVE-2018-1000129 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →