Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-09T09:08:28.802Z

Updated: 2024-08-02T01:59:49.933Z

Reserved: 2024-04-06T11:49:32.612Z

Link: CVE-2024-31860

cve-icon Vulnrichment

Updated: 2024-04-22T18:39:20.966Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-09T09:15:26.293

Modified: 2024-11-21T09:14:02.200

Link: CVE-2024-31860

cve-icon Redhat

No data.