Severity: moderate

Affected versions:

- Apache Zeppelin 0.8.2 before 0.11.1


Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.

The attackers can modify helium.json and exposure XSS attacks to normal users.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.


H Ming (finder)


Reply via email to