PT-2024-3589 · Apache · Apache Zeppelin Sap

Kuiplatain · Published 2024-04-09 · Updated 2025-05-05 · CVE-2022-47894

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apache Zeppelin SAP versions 0.8.0 through 0.10.x

Description

The issue is related to improper input validation, which can be exploited by a remote attacker to disclose protected information or cause a denial of service using a specially crafted XML request. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations

As a temporary workaround, consider restricting access to the instance to trusted users. Find an alternative to Apache Zeppelin SAP, as the project is retired and no fix will be released. Note that the fix was already merged into the source code, but due to the project's retirement, it will not be released as part of a new version.

Fix · XXE · RCE

Weakness Enumeration

Related Identifiers

BDU:2024-03895
CVE-2022-47894
GHSA-RR59-H6RH-V84V

Affected Products

Apache Zeppelin Sap