PT-2021-8864 · Apache · Apache Zeppelin

Published: 2021-09-02 · Updated: 2023-11-24 · CVE-2019-10095

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.9.0 and prior versions
Description: A bash command injection issue in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings.
Recommendations: For Apache Zeppelin versions 0.9.0 and prior, consider restricting access to the Spark interpreter settings to minimize the risk of exploitation until a fix is available.

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-10095
GHSA-4QW8-PGPR-P9MQ

Affected Products

Apache Zeppelin