hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Will Harmon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-10774) Reflective XSS and HTML injection vulnerability
Date Thu, 18 Aug 2016 15:11:21 GMT

    [ https://issues.apache.org/jira/browse/HDFS-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426608#comment-15426608
] 

Will Harmon commented on HDFS-10774:
------------------------------------

Jason,

Thanks very much for your reply. I emailed them on August 8th and they haven't replied. Since
you confirmed they are the group to contact, I'll keep bugging them.

Take care,

Will



On Thu, Aug 18, 2016 at 10:00 AM -0400, "Jason Lowe (JIRA)" <jira@apache.org<mailto:jira@apache.org>>
wrote:


    [ https://issues.apache.org/jira/browse/HDFS-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426512#comment-15426512
]

Jason Lowe commented on HDFS-10774:
-----------------------------------

Security issues can be mailed to security@hadoop.apache.org.  See http://hadoop.apache.org/mailing_lists.html#Security
for details and pointers to other mailing lists.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


> Reflective XSS and HTML injection vulnerability
> -----------------------------------------------
>
>                 Key: HDFS-10774
>                 URL: https://issues.apache.org/jira/browse/HDFS-10774
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Will Harmon
>              Labels: security
>
> I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I came across
an XSS and HTML injection vulnerability. Although my customer instance is 2.0.0, newer versions
are also likely vulnerable. I’d like to provide more details about my finding but first
want to ensure I’m communicating with the correct group. Please let me know if you would
like to know more and how I can securely share my findings.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message