CNVD: China National Vulnerability Database, CNVD-2024-17938
History: Apr 11, 2024 - 12:00 a.m.

Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)

2024-04-11 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache zeppelin
code injection
vulnerability
apache foundation
web-based
open source
notebook application
attacker
sensitive configuration
malicious code
mysql database
jdbc driver

AI Score

9.5

Confidence

High

EPSS

0

Percentile

15.5%

Apache Zeppelin is a web-based open source notebook application from the Apache Foundation (USA). It supports interactive data analysis and collaborative documents. Apache Zeppelin has a code injection vulnerability that stems from the application's failure to properly filter special elements when constructing code segments. An attacker can exploit it to inject sensitive configuration or malicious code when connecting to a MySQL database via a JDBC driver.
