Unsubscribe

2024-04-09 Thread Peng Cheng
Unsubscribe

CVE-2024-31867: Apache Zeppelin: LDAP search filter query Injection Vulnerability

2024-04-09 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin 0.8.2 before 0.11.1 Description: Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to the LDAP search filter. This issue affects Apache Zeppel

Re: Shell interpreter in v0.11.1 is not installed

2024-04-09 Thread Jongyoul Lee
Hello Nils, Thank you for sharing your concerns and suggestions. I agree with you that we missed some information or instructions. I know it's an excuse but we were challenged with some security issues recently and we had to handle it with priority. I also hope it can be improved well. For the u

CVE-2024-31868: Apache Zeppelin: XSS vulnerability in the helium module

2024-04-09 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin 0.8.2 before 0.11.1 Description: Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and expose XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 befor

CVE-2024-31866: Apache Zeppelin: Interpreter download command does not escape malicious code injection

2024-04-09 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin 0.8.2 before 0.11.1 Description: Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This

CVE-2024-31865: Apache Zeppelin: Cron arbitrary user impersonation with improper privileges

2024-04-09 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin 0.8.2 before 0.11.1 Description: Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affec

CVE-2024-31864: Apache Zeppelin: Remote code execution by adding malicious JDBC connection string

2024-04-09 Thread Jongyoul Lee
Severity: moderate Affected versions: - Apache Zeppelin before 0.11.1 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver. Thi

Re: Shell interpreter in v0.11.1 is not installed

2024-04-09 Thread Nils Glueck
Hello Jongyoul, thanks for your effort. The only thing that was a bit irritating to me is the fact that docs and online pages do not really mention the removal as of now. Such as docs for version 0.11.1.[1] Again, maybe missing something here. About the usage. We degraded Zeppelin from an in