-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65053/
-----------------------------------------------------------

(Updated Jan. 11, 2018, 12:26 a.m.)

Review request for sentry, Brian Towles, kalyan kumar kalvagadda, and Sergio Pena.

Summary (updated)
-----------------

SENTRY-2120: Potential cross-site scripting in LogLevelServlet

Repository: sentry

Description (updated)
-------

The HTTP parameter is directly written to the Servlet error page. Echoing this untrusted input allows for reflected cross-site scripting. See http://en.wikipedia.org/wiki/Cross-site_scripting for more information.

Diffs
-----

  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java fce41a8

Diff: https://reviews.apache.org/r/65053/diff/1/

Testing
-------

Thanks,

Na Li
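The pattern the description refers to, as an added illustration that is not the Sentry change under review: a hypothetical servlet (the class name, the parameter name "level" and the error-page text are assumptions, since the real LogLevelServlet code is not shown on this page) that echoes a request parameter into its error page, beside the same page with the value HTML-encoded first.

```java
// Added example, not Sentry's own code. Assumes a hypothetical servlet that
// reports an invalid value of a request parameter named "level" back to the
// client; the real parameter names in LogLevelServlet are not on this page.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LevelParamEscapingExample extends HttpServlet {

    // Minimal HTML-entity encoding for text placed inside an element body.
    // (Apache Commons Text's StringEscapeUtils.escapeHtml4 does the same job.)
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable pattern from the request description: the raw parameter is
    // concatenated into the error page, so the browser treats it as markup.
    static String unsafeErrorHtml(String level) {
        return "<html><body>Bad level: " + level + "</body></html>";
    }

    // Hardened form: encode before echoing, so the value is shown as text.
    static String safeErrorHtml(String level) {
        return "<html><body>Bad level: " + escapeHtml(level) + "</body></html>";
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String level = req.getParameter("level");  // untrusted client input
        resp.setContentType("text/html;charset=UTF-8");
        resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        PrintWriter out = resp.getWriter();
        out.print(safeErrorHtml(level));
        out.flush();
    }
}
```

The same encoding applies wherever the servlet reflects the parameter, including plain-text responses that are served with an HTML content type.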