External JavaScript loading

Description

Hi Team,

Please help with the below case.

Observation
We found that the external service (running on https://<CDAP node>:11011) tries to download JavaScript from an external URL (cdn.jsdelivr.net). This environment is not allowed to reach external sites.

Risk
An attacker can create and host a fake JavaScript file in order to execute commands in the victim's browser.

Regards,
Ajay.
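
One way to confirm the observation above is to list every `<script src>` in a served page whose host differs from the page's own host, and to note whether each carries a Subresource Integrity attribute. This is an added example, not code from the CDAP project or from the reporter; the page URL host `cdap.example.internal`, the library paths and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptAudit(HTMLParser):
    """Collect <script src> tags that load from a host other than the page's."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:                      # inline script, nothing fetched
            return
        # Resolve relative and protocol-relative (//host/path) references.
        full = urljoin(self.page_url, src.strip())
        host = urlsplit(full).hostname
        if host and host != self.page_host:
            self.findings.append(
                {"url": full, "host": host, "sri": bool(attr.get("integrity"))}
            )


def external_scripts(page_url, html):
    """Return one finding per externally hosted script referenced by html."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample standing in for the HTML served on port 11011.
SAMPLE_URL = "https://cdap.example.internal:11011/"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.jsdelivr.net/npm/example-lib@1.0.0/dist/example.min.js"></script>
<script src="//cdn.jsdelivr.net/npm/other-lib/dist/other.js"
        integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
"""

if __name__ == "__main__":
    for f in external_scripts(SAMPLE_URL, SAMPLE_HTML):
        print(f"{f['host']}  sri={f['sri']}  {f['url']}")
```

In an environment with no outbound access, an integrity attribute does not make the script loadable; each flagged reference still has to be served from the node itself.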

Release Notes

None

Activity

Venkatachalapati Rao Jasti September 29, 2021 at 7:29 PM

Keen to know if this issue is ever going to be part of any future release/fix. We are using CDAP 6.3. Thank you in advance.

Venkatachalapati Rao Jasti August 25, 2021 at 12:19 PM

Request for an update, if a fix for this issue is planned in any of the upcoming releases. We are using CDAP 6.3.

Venkatachalapati Rao Jasti July 21, 2021 at 5:06 AM

Kindly suggest if there is any roadmap to cover this issue in the upcoming CDAP releases (post 6.3).

Details

Created May 31, 2021 at 2:27 PM
Updated September 29, 2021 at 7:29 PM