Improper Input Validation vulnerability in Apache Zeppelin.
By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.
This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-04-09T09:08:28.802Z
Updated: 2024-08-02T01:59:49.933Z
Reserved: 2024-04-06T11:49:32.612Z
Link: CVE-2024-31860
Vulnrichment
Updated: 2024-04-22T18:39:20.966Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T09:15:26.293
Modified: 2024-11-21T09:14:02.200
Link: CVE-2024-31860
Redhat
No data.