Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-09T16:05:32.690Z

Updated: 2024-08-02T01:59:50.140Z

Reserved: 2024-04-06T11:50:37.125Z

Link: CVE-2024-31864

cve-icon Vulnrichment

Updated: 2024-07-31T21:00:48.925Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-09T16:15:08.113

Modified: 2024-11-21T09:14:02.747

Link: CVE-2024-31864

cve-icon Redhat

No data.