Cross-Site Scripting Vulnerability in Apache Zeppelin by Apache
CVE-2024-41177
6.1MEDIUM
What is CVE-2024-41177?
An incomplete blacklist vulnerability in Apache Zeppelin can be exploited to execute unauthorized scripts in the user's browser session. This flaw affects versions prior to 0.12.0, and users are strongly encouraged to upgrade to this latest version to rectify the vulnerability and enhance their application's security posture.
Affected Version(s)
Apache Zeppelin 0 < 0.12.0