Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Thu, 13 Feb 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache Software Foundation
Apache Software Foundation apache Zeppelin |
|
CPEs | cpe:2.3:a:apache_software_foundation:apache_zeppelin:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache Software Foundation
Apache Software Foundation apache Zeppelin |
|
Metrics |
ssvc
|
Thu, 13 Feb 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. |
Wed, 21 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-02-13T17:51:59.550Z
Reserved: 2024-04-06T11:51:00.551Z
Link: CVE-2024-31866

Updated: 2024-08-02T01:59:50.665Z

Status : Awaiting Analysis
Published: 2024-04-09T16:15:08.307
Modified: 2025-02-13T18:18:00.873
Link: CVE-2024-31866

No data.