Vulnerabilities > Apache > Brooklyn > 0.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-13 | CVE-2017-3165 | Cross-site Scripting vulnerability in Apache Brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. | 5.4 |
| 2017-09-13 | CVE-2016-8744 | Deserialization of Untrusted Data vulnerability in Apache Brooklyn Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. | 8.8 |
| 2017-09-13 | CVE-2016-8737 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. | 8.8 |