Apache Zeppelin: XSS vulnerability in the helium module
CVE-2024-31868
Currently unrated 🤨
Summary
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Affected Version(s)
Apache Zeppelin < 0.11.1
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
H Ming