Last revised: 06/27/2019
A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks MineMeld. (Ref CVE-2019-1578)
Products affected: Open Source Community Supported MineMeld version 0.9.60 and earlier. AutoFocus-Hosted MineMeld is NOT affected.
Available update: Open Source Community Supported MineMeld version 0.9.62.
Users of affected versions who can’t upgrade to 0.9.62 or later should set the environment variable DISABLE_NEW_EXTENSIONS=1 in MineMeld service startup to prevent the execution of the vulnerable code.
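One way to confirm the workaround actually reached the running service, as an added example that is not part of the advisory or of MineMeld: the script reads a process's environment block and reports whether DISABLE_NEW_EXTENSIONS is set to 1. It assumes a Linux host with /proc, and the operator supplies the PIDs of the MineMeld processes; the script file name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that DISABLE_NEW_EXTENSIONS=1
# is present in the environment of the running service processes.
# Assumption: a Linux host, where /proc/<pid>/environ holds NUL-separated
# NAME=value entries and is readable by root or the process owner.

# check_environ FILE
# Prints mitigated | missing | wrong-value | unreadable; returns 0 only for mitigated.
check_environ() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # Split on NUL and keep the first entry for the variable.
    entry=$(tr '\0' '\n' < "$1" | sed -n '/^DISABLE_NEW_EXTENSIONS=/{p;q;}')
    [ -n "$entry" ] || { echo "missing"; return 1; }
    if [ "${entry#DISABLE_NEW_EXTENSIONS=}" = "1" ]; then
        echo "mitigated"; return 0
    fi
    echo "wrong-value"; return 1
}

# check_pids PID...
# Reports every given process; returns non-zero if any one lacks the setting.
check_pids() {
    rc=0
    for pid in "$@"; do
        result=$(check_environ "/proc/$pid/environ") || rc=1
        echo "pid $pid: $result"
    done
    return "$rc"
}

# Usage: sh check_mitigation.sh PID [PID...]
# (hypothetical file name; PIDs are those of the MineMeld processes)
if [ "$#" -gt 0 ]; then
    check_pids "$@"
fi
```

/proc/<pid>/environ reflects the environment the process was started with, so restart the service after changing its startup configuration and check again.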
Palo Alto Networks would like to thank Netskope and Veracode for reporting this issue.