CVE-2018-8035: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 14, 2019 (updated August 3, 2021)

This vulnerability relates to the user’s browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user’s browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

References

github.com/advisories/GHSA-vm59-329q-p468
nvd.nist.gov/vuln/detail/CVE-2018-8035

Detect and mitigate CVE-2018-8035 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →