CVE-2020-21485: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 20, 2023 (updated June 27, 2023)

Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.

References

github.com/Alluxio/alluxio/issues/10552
github.com/advisories/GHSA-298m-hvgh-x9cw
nvd.nist.gov/vuln/detail/CVE-2020-21485

Detect and mitigate CVE-2020-21485 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →