Improper Input Validation vulnerability in Apache Zeppelin
CVE-2024-31862

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Zeppelin
Vendor: CVE Published:; 9 April 2024

Summary

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Affected Version(s)

Apache Zeppelin 0.10.1 < 0.11.0

References

https://github.com/apache/zeppelin/pull/4632

patch

https://lists.apache.org/thread/73xdjx43yg4yz8bd4p3o8vzyy...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/04/09/5

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Apr 6, 2024

Credit

Esa Hiltunen

https://teragrep.com