CVE-2020-13928: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

February 10, 2022

Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.

References

github.com/advisories/GHSA-h6xq-3h62-99qx
lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E
mvnrepository.com/artifact/org.apache.atlas/apache-atlas
nvd.nist.gov/vuln/detail/CVE-2020-13928

Detect and mitigate CVE-2020-13928 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →