[jira] [Updated] (DRILL-7276) xss(bug) in apache drill Web UI latest version 1.16.0 when authenticated

2019-05-23 Thread Arina Ielchiieva (JIRA)


[ https://issues.apache.org/jira/browse/DRILL-7276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arina Ielchiieva updated DRILL-7276:

Fix Version/s: 1.17.0

> xss(bug) in apache drill Web UI latest version 1.16.0 when authenticated
>
> Key: DRILL-7276
> URL: https://issues.apache.org/jira/browse/DRILL-7276
> Project: Apache Drill
> Issue Type: Bug
> Components: Web Server
> Affects Versions: 1.16.0
> Reporter: shuiboye
> Assignee: Anton Gozhiy
> Priority: Major
> Fix For: 1.17.0
>
> Attachments: 1.png, 2.png, 4.png
>
> In the query page, I select the "SQL" of the "Query Type" and in the "Query"
> field I input "*select ''  FROM cp.`employee.json`*".
> !1.png!
> After submitting, I get the Query Profile whose URL is
> "*[http://127.0.0.1:8047/profiles/231beb11-4b43-0762-8b90-76a9af2edd24]*".
> !2.png!
> Any user who visits the profile page and clicks "JSON profile" at the bottom
> to see the FULL JSON Profile will see two alert boxes as shown below.
> !4.png!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (DRILL-7276) xss(bug) in apache drill Web UI latest version 1.16.0 when authenticated

2019-05-24 Thread Arina Ielchiieva (JIRA)


[ https://issues.apache.org/jira/browse/DRILL-7276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arina Ielchiieva updated DRILL-7276:

Reviewer: Volodymyr Vysotskyi



[jira] [Updated] (DRILL-7276) xss(bug) in apache drill Web UI latest version 1.16.0 when authenticated

2019-05-27 Thread Volodymyr Vysotskyi (JIRA)


[ https://issues.apache.org/jira/browse/DRILL-7276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Volodymyr Vysotskyi updated DRILL-7276:
---
Labels: ready-to-commit  (was: )
