Cross-Site Scripting Vulnerability in Apache Zeppelin by Apache
CVE-2024-41177

6.1 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 3 August 2025

What is CVE-2024-41177?

An incomplete blacklist vulnerability in Apache Zeppelin can be exploited to execute unauthorized scripts in the user's browser session. The flaw affects versions prior to 0.12.0, and users are strongly encouraged to upgrade to version 0.12.0, which fixes the vulnerability.

Affected Version(s)

Apache Zeppelin 0 < 0.12.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

H Ming