CVE-2020-35774

Cross-site Scripting in maven/com.twitter/twitter-server

Identifier

CVE-2020-35774

Package Slug

maven/com.twitter/twitter-server

Vulnerability

Cross-site Scripting

Description

server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server), in some configurations, allows XSS via the /histograms endpoint.

Affected Versions

All versions before 20.12.0

Solution

Upgrade to version 20.12.0 or higher.

Last Modified

2021-01-01

source