Besides upgrading to version 2.4.0, is there any other way to resolve this vulnerability? Some companies have restrictions that do not allow direct upgrades. I see that there is a commit, ATLAS-4938, which upgrades DOMPurify and is also related to an XSS attack. Would it be possible to resolve this vulnerability by merging that commit?
References:
https://issues.apache.org/jira/browse/ATLAS-4938
https://github.com/advisories/GHSA-vhxf-7vqr-mrjg

On 2025/02/12 19:02:31 Madhan Neethiraj wrote:
> Severity: important
>
> Affected versions:
>
> - Apache Atlas 2.0.0 through 2.3.0
>
> Description:
>
> An authenticated user can perform XSS and potentially impersonate another user.
>
> This issue affects Apache Atlas versions 2.3.0 and earlier.
>
> Users are recommended to upgrade to version 2.4.0, which fixes the issue.
>
> Credit:
>
> basava...@seciqtech.com (finder)
>
> References:
>
> https://atlas.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2024-46910