Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding configuration likeĀ ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-04-09T16:09:12.117Z
Updated: 2024-08-21T14:33:03.134Z
Reserved: 2024-04-06T11:51:00.551Z
Link: CVE-2024-31866
Vulnrichment
Updated: 2024-08-02T01:59:50.665Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T16:15:08.307
Modified: 2024-11-21T09:14:03.150
Link: CVE-2024-31866
Redhat
No data.