PT-2024-24250 · Apache · Apache Zeppelin
Esa Hiltunen
·
Published
2024-04-09
·
Updated
2025-05-05
·
CVE-2024-31862
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Apache Zeppelin versions 0.10.1 through 0.10.x (before 0.11.0)
Description
The issue is related to an Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. Users are recommended to upgrade to a fixed version.
Recommendations
For Apache Zeppelin versions 0.10.1 through 0.10.x, upgrade to version 0.11.0 to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Zeppelin