[
https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526080#comment-14526080
]
Hudson commented on YARN-1993:
------------------------------
SUCCESS: Integrated in Hadoop-Hdfs-trunk-Java8 #173 (See
[https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/173/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed
byKenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
*
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
> Cross-site scripting vulnerability in TextView.java
> ---------------------------------------------------
>
> Key: YARN-1993
> URL: https://issues.apache.org/jira/browse/YARN-1993
> Project: Hadoop YARN
> Issue Type: Bug
> Components: webapp
> Reporter: Ted Yu
> Assignee: Kenji Kikushima
> Fix For: 2.8.0
>
> Attachments: YARN-1993.patch
>
>
> In
> hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
> , method echo() e.g. :
> {code}
> for (Object s : args) {
> out.print(s);
> }
> {code}
> Printing s to an HTML page allows cross-site scripting, because it was not
> properly sanitized for context HTML attribute name.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
