{"id":"CVE-2021-29994","details":"Cloudera Hue 4.6.0 allows XSS.","modified":"2026-04-12T02:46:17.994557Z","published":"2021-11-08T13:15:07.567Z","references":[{"type":"ADVISORY","url":"https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"},{"type":"ADVISORY","url":"https://github.com/cloudera/hue"},{"type":"ADVISORY","url":"https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudera/hue","events":[{"introduced":"0"},{"last_affected":"17b5fa7ea60f28dbf7669dd3c66fbe53b5b5863f"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"4.6.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:cloudera:hue:4.6.0:*:*:*:*:*:*:*"}}],"versions":["cdh4-base-2.2.0","cdh4-base-2.5.0","cdh5-base-2.5.0","cdh5-base-3.0.0","cdh5-base-3.10.0","cdh5-base-3.5.0","cdh5-base-3.6.0","cdh5-base-3.9.0","release-0.9.1","release-1.1.0","release-3.10.0","release-3.12.0","release-3.5.0","release-3.6.0","release-3.9.0","release-4.0.0","release-4.1.0","release-4.3.0","release-4.5.0","release-4.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29994.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}