Qing Xu

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.8.2 through 0.11.0 **Description** The issue is related to improper input validation, allowing attackers to execute malicious queries by setting improper configuration properties to LDAP search filter. **Recommendations** For Apache Zeppelin versions 0.8.2 through 0.11.0, upgrade to version 0.11.1 to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Apache DolphinScheduler versions prior to 3.2.1 **Description** The issue is related to session fixation, where a session remains valid after a password change. This could potentially allow unauthorized access. Users are advised to upgrade to a version that fixes this issue. **Recommendations** For Apache DolphinScheduler versions prior to 3.2.1, upgrade to version 3.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Solr versions 6.0.0 through 8.11.2 Apache Solr versions 9.0.0 through 9.3.0 Apache Solr versions 9.0.0 before 9.4.1 **Description** The issue is related to the exposure of sensitive information to an unauthorized actor in Apache Solr. Solr Streaming Expressions allows users to extract data from other Solr Clouds using a `zkHost` parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever `zkHost` the user provides. An attacker could set up a server to mock ZooKeeper, accepting ZooKeeper requests with credentials and ACLs, and extract sensitive information. Then, they could send a streaming expression using the mock server's address in `zkHost`. Streaming Expressions are exposed via the "/streaming" handler with "read" permissions. **Recommendations** For Apache Solr versions 6.0.0 through 8.11.2, upgrade to version 8.11.3. For Apache Solr versions 9.0.0 through 9.3.0, upgrade to version 9.3.0. For Apache Solr versions 9.0.0 before 9.4.1, upgrade to version 9.4.1. As a temporary workaround, consider restricting access to the `/streaming` handler to minimize the risk of exploitation. Avoid using the `zkHost` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** helix-core versions prior to 1.3.0 helix-rest versions prior to 1.3.0 **Description** An attacker can use SnakeYAML to deserialize `java.net.URLClassLoader` and make it load a JAR from a specified URL, and then deserialize `javax.script.ScriptEngineManager` to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run in Helix REST start and Workflow creation. **Recommendations** For helix-core versions prior to 1.3.0: As a short-term mitigation, stop using any YAML-based configuration and workflow creation. As a long-term solution, update to version 1.3.0. For helix-rest versions prior to 1.3.0: As a short-term mitigation, stop using any YAML-based configuration and workflow creation. As a long-term solution, update to version 1.3.0.

**Name of the Vulnerable Software and Affected Versions** SoftwareX versions prior to 2.0.0-M9 **Description** The issue allows an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. This enables the end-user to enter javascript or similar, which would be executed. The inputted strings are now properly escaped when rendered. **Recommendations** For versions prior to 2.0.0-M9, update to version 2.0.0-M9 or later to ensure inputted strings are properly escaped when rendered.