Rg

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions prior to 0.11.1 **Description** The issue is related to improper control of code generation, allowing an attacker to inject sensitive configuration or malicious code when connecting to a MySQL database via a JDBC driver. **Recommendations** For Apache Zeppelin versions prior to 0.11.1, upgrade to version 0.11.1 to fix the issue. As a temporary workaround, consider restricting access to the JDBC driver or disabling the code generation feature until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apache DolphinScheduler versions prior to 3.2.1 **Description** This issue is an Arbitrary File Read Vulnerability in Apache DolphinScheduler. It is recommended that users upgrade to version 3.2.1 to fix the issue. **Recommendations** For versions prior to 3.2.1, upgrade Apache DolphinScheduler to version 3.2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Ambari versions 2.7.0 through 2.7.6 **Description** The issue allows a malicious authenticated user to execute arbitrary code remotely due to SpringEL injection in the metrics source. Users are recommended to upgrade to version 2.7.7 to resolve the issue. **Recommendations** For Apache Ambari versions 2.7.0 through 2.7.6, upgrade to version 2.7.7 to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Lintian versions 1.23.x through 1.23.28 Lintian versions 1.24.x through 1.24.2.1 Lintian versions 2.x before 2.3.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be exploited remotely. **Recommendations** For Lintian versions 1.23.x through 1.23.28, update to a version after 1.23.28 or apply a patch if available. For Lintian versions 1.24.x through 1.24.2.1, update to a version after 1.24.2.1 or apply a patch if available. For Lintian versions 2.x before 2.3.2, update to version 2.3.2 or later.