Severity: important
Affected versions:
- Apache Zeppelin 0.10.1 before 0.11.1
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in
Apache Zeppelin.
The attackers can use the Shell interpreter as a code generation gateway, and
execute the generated code as a
possible without you.
Jongyoul Lee
Severity: moderate
Affected versions:
- Apache Zeppelin 0.10.1 before 0.11.0
Description:
Authentication Bypass by Spoofing vulnerability by replacing to existing notes
in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before
0.11.0.
Users are recommended to upgrade to
Severity: moderate
Affected versions:
- Apache Zeppelin 0.10.1 before 0.11.0
Description:
Improper Input Validation vulnerability in Apache Zeppelin when creating a new
note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before
0.11.0.
Users are recommended to upgrade to
Severity: moderate
Affected versions:
- Apache Zeppelin SAP 0.8.0 before 0.11.0
Description:
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue
affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
As this project is retired, we do not plan to release a version that
Severity: low
Affected versions:
- Apache Zeppelin through 0.9.0
Description:
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache
Zeppelin allows an attacker to submit a malicious request. This issue affects
Apache Zeppelin version 0.9.0 and prior
Severity: low
Affected versions:
- Apache Zeppelin 0.9.0 before 0.11.0
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
By adding relative path indicators (e.g. ..), attackers can see the contents of
any files in the filesystem that the server account can access.
This
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so
that the notebook can run with the privileges.
This issue
Severity: moderate
Affected versions:
- Apache Zeppelin before 0.11.1
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in
Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when
connecting MySQL database via JDBC driver.
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration
properties to LDAP search filter.
This issue affects Apache
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding
configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and expose normal users to XSS attacks.
This issue affects Apache Zeppelin: from 0.8.2