Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.
This issue affects Apache Zeppelin: before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-04-09T16:05:32.690Z
Updated: 2024-08-02T01:59:50.140Z
Reserved: 2024-04-06T11:50:37.125Z
Link: CVE-2024-31864
Vulnrichment
Updated: 2024-07-31T21:00:48.925Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T16:15:08.113
Modified: 2024-11-21T09:14:02.747
Link: CVE-2024-31864
Redhat
No data.