Maven package

org.apache.oozie/oozie-core

pkg:maven/org.apache.oozie/oozie-core

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-26796	—	<= 5.2.1	—	Mar 22, 2025	UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this iss
CVE-2018-11799	—	< 5.1.0	5.1.0	Dec 19, 2018	Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.
CVE-2017-15712	—	>= 3.1.3, < 5.0.0	5.0.0	Feb 19, 2018	Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie

CVE-2025-26796Mar 22, 2025
affected <= 5.2.1
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this iss
CVE-2018-11799Dec 19, 2018
affected < 5.1.0fixed 5.1.0
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.
CVE-2017-15712Feb 19, 2018
affected >= 3.1.3, < 5.0.0fixed 5.0.0
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie