PT-2025-31782 · Apache · Apache Zeppelin

Calum Hutton · Published 2025-08-03 · Updated 2025-08-05 · CVE-2024-51775

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Zeppelin versions 0.11.1 through 0.11.x

Description

Missing origin validation in WebSockets allows an attacker to access the Zeppelin server from another origin without restriction, potentially exposing internal information about paragraphs.

Recommendations

Upgrade to version 0.12.0.


Weakness Enumeration

Related Identifiers

CVE-2024-51775
GHSA-XG8J-J6VP-6H5W

Affected Products

Apache Zeppelin