Ferenc Denes created OOZIE-2492:
-----------------------------------

             Summary: JSON security issue in js code
                 Key: OOZIE-2492
                 URL: https://issues.apache.org/jira/browse/OOZIE-2492
             Project: Oozie
          Issue Type: Bug
          Components: client, security
    Affects Versions: 4.1.0
            Reporter: Ferenc Denes
            Assignee: Ferenc Denes


JSON parsing is done using the eval js method in several places in the 
oozie-console.js, which allows code injection.
The project already contains a json parser library, which should be used all 
around the code.
We are aware that most of the JSON documents parsed are from the Oozie server, 
and not from the user directly. However, fixing it all will make the code more 
robust and consistent.



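The difference the report describes, as an added example that is not code from oozie-console.js or from the Oozie project. The function names and both sample response strings are constructed for illustration, and the built-in `JSON.parse` stands in for the parser library the report mentions.

```javascript
// Added example, not Oozie code. All names and sample inputs are hypothetical.

// The pattern the report describes: the response text is evaluated as
// JavaScript source, so any expression inside it is executed.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// A strict JSON parser only builds data; anything that is not JSON is rejected.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample: a well-formed server response.
const wellFormed = '{"id": "job-1", "status": "RUNNING"}';

// Constructed sample: looks like a response, but the "status" value is a
// function call. The call only sets a marker so the side effect is observable.
const tampered =
  '{"id": "job-1", "status": (function () {' +
  ' globalThis.__sideEffect = true; return "RUNNING"; })()}';

// Run both parsers over the tampered text and record whether code executed.
function compare() {
  globalThis.__sideEffect = false;
  const evalStatus = parseWithEval(tampered).status;
  const evalRanCode = globalThis.__sideEffect;

  globalThis.__sideEffect = false;
  const strict = parseStrict(tampered);
  const strictRanCode = globalThis.__sideEffect;

  return {
    evalStatus, evalRanCode,
    strictOk: strict.ok, strictError: strict.error, strictRanCode,
    wellFormedStatus: parseStrict(wellFormed).value.status,
  };
}

console.log(compare());
```

With `eval`, the tampered text yields a normal-looking object while the embedded code has already run; the strict parser rejects the same text with a `SyntaxError`, which the caller can log and surface.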