Code Injection Vulnerability in Apache Zeppelin
CVE-2024-31861

Currently unrated

Key Information:

Vendor

Apache
Status
Apache Zeppelin
Vendor
CVE Published:
11 April 2024

What is CVE-2024-31861?

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

The attackers can use Shell interpreter as a code generation gateway, and execute the generated code as a normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which doesn't have Shell interpreter by default.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Zeppelin 0.10.1 < 0.11.1

References

https://github.com/apache/zeppelin/pull/4708
patch
https://lists.apache.org/thread/99clvqrht5l5r6kzjzwg2kj94...
vendor-advisory

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Esa Hiltunen
https://teragrep.com
JSON
.