Lucene search
China National Vulnerability DatabaseCNVD-2024-17933HistoryApr 11, 2024 - 12:00 a.m.
Apache Zeppelin Code Execution Vulnerability
2024-04-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
apache zeppelin
web-based
open source
laptop application
apache foundation
code execution vulnerability
shell scripts
malicious code
configurations
zeppelin_intp_classpath_overrides
data analysis
collaborative documentation
attacker
exploit
Apache Zeppelin is a Web-based open source laptop application from the Apache (USA) Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has a code execution vulnerability that can be exploited by an attacker to execute shell scripts or malicious code by overriding configurations like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache zeppelin >=0.8.2, | lt | 0.11.1 |
Related
cvelist
cvelist
nvd
nvd
CVE-2024-31866
2024-04-09 16:15:08
github
github
Improper escaping in Apache Zeppelin
2024-04-09 18:30:22
osv
osv
Improper escaping in Apache Zeppelin
2024-04-09 18:30:22
cve
cve
CVE-2024-31866
2024-04-09 16:15:08
veracode
veracode
Code Injection
2024-04-12 12:40:49